Security Alert!! Oracle TNS Listener Vulnerability CVE-2012-1675

After the recent main patch bundle shipped without a fix for this vulnerability, Oracle issued a patch on April 30th, as nearly all database versions since 8i were affected.

Oracle issued the patch outside its standard patch schedule because this vulnerability was rated as a critical risk. A remote user could successfully exploit it via port 1521 to impact the confidentiality, integrity and availability of systems. Our advice: start patching as soon as possible, especially where port 1521 can be reached via the internet. We expect a rise in port scans aiming at TCP 1521. Keep a close eye on your firewall logs, SIEM or any other intrusion detection tool you have implemented so that you know when you're hit.
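One way to watch firewall logs for the expected scans, as an added example that is not part of the original alert: it assumes netfilter (iptables LOG target) style lines, and the sample lines, addresses and the three-host threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in netfilter (iptables LOG) format; addresses are documentation ranges.
SAMPLE_LOG = """\
May  2 10:15:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=44321 DPT=1521 WINDOW=14600 SYN URGP=0
May  2 10:15:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.11 LEN=60 TTL=52 PROTO=TCP SPT=44322 DPT=1521 WINDOW=14600 SYN URGP=0
May  2 10:15:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.12 LEN=60 TTL=52 PROTO=TCP SPT=44323 DPT=1521 WINDOW=14600 SYN URGP=0
May  2 10:16:40 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=60 PROTO=TCP SPT=51000 DPT=1521 WINDOW=29200 SYN URGP=0
May  2 10:16:41 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=52 TTL=60 PROTO=TCP SPT=51000 DPT=1521 WINDOW=229 ACK URGP=0
May  2 10:17:05 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=44400 DPT=443 WINDOW=14600 SYN URGP=0
May  2 10:17:09 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TTL=52 PROTO=UDP SPT=1521 DPT=53 LEN=20
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; the value may be empty (OUT=)

def listener_probes(lines, port="1521"):
    """Map each source IP to the set of hosts it sent a TCP SYN to on `port`."""
    targets = defaultdict(set)
    for line in lines:
        fields = dict(FIELD.findall(line))
        flags = set(line.split())
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != port:
            continue
        # Count connection attempts only: SYN set, ACK clear.
        if "SYN" not in flags or "ACK" in flags:
            continue
        if "SRC" in fields and "DST" in fields:
            targets[fields["SRC"]].add(fields["DST"])
    return dict(targets)

def likely_scanners(targets, min_hosts=3):
    """Sources that tried the listener port on at least `min_hosts` distinct hosts.

    The threshold is an assumed starting point; tune it to your network.
    """
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_hosts)

if __name__ == "__main__":
    probes = listener_probes(SAMPLE_LOG.splitlines())
    for src, dsts in sorted(probes.items()):
        print(f"{src} -> {len(dsts)} host(s) on tcp/1521: {', '.join(sorted(dsts))}")
    print("likely scanners:", likely_scanners(probes))
```

Sources that appear in `listener_probes` but are not known application servers or DBA workstations deserve a look even when they stay below the scan threshold.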


1. Disclosure of this finding by Joxean Koret (Technical Details)

2. Oracle Security Alert CVE-2012-1675