May 24, 2007

Oracle Exploit stop TNS Listener via lsnrctl

If a TNS listener is not password protected, anybody can stop it (denial of service) by sending a STOP command to the listener. This can be done with the lsnrctl command, the tnscmd Perl script or via tnsnames.ora.

Even if your TNS listener is protected by a firewall and only accessible via HTTP (e.g. from an application server), it is possible to shut down the listener, e.g. via iSQLPlus or Oracle Forms, Oracle Reports ...

Example
-- use the IP address of the database server
lsnrctl stop 192.22.33.44

Solution
Protect your TNS Listener with a password and ADMIN_RESTRICTIONS in the listener.ora
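
To check an existing listener.ora for both protections, here is an added audit sketch (not part of the original post). It assumes the per-listener parameter names PASSWORDS_<listener_name> and ADMIN_RESTRICTIONS_<listener_name>; the sample file, host names and password hash are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample listener.ora: LISTENER is unprotected, LISTENER2 is hardened.
SAMPLE = """\
# constructed example, host names and hash are made up
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db1.example.test)(PORT = 1521)))
SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = ORCL)))
LISTENER2 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db1.example.test)(PORT = 1522)))
PASSWORDS_LISTENER2 = (0123456789ABCDEF)
ADMIN_RESTRICTIONS_LISTENER2 = ON
"""

# A top-level parameter starts in column 0 as NAME = value.
TOP_LEVEL = re.compile(r"^([A-Za-z_][\w.]*)\s*=\s*(.*)$")

def parse_listener_ora(text):
    """Return {PARAM_NAME: value} for top-level parameters (names upper-cased)."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        m = None if line[0].isspace() else TOP_LEVEL.match(line)
        if m:
            current = m.group(1).upper()
            params[current] = m.group(2).strip()
        elif current:
            params[current] += line.strip()       # indented continuation line
    return params

def audit(text):
    """Map each listener name to the list of protections it is missing."""
    params = parse_listener_ora(text)
    findings = {}
    for name, value in params.items():
        if "(ADDRESS" not in value.upper().replace(" ", ""):
            continue                              # not a listener definition
        issues = []
        if not params.get("PASSWORDS_" + name, "").strip("() "):
            issues.append("no PASSWORDS_%s" % name)
        if params.get("ADMIN_RESTRICTIONS_" + name, "").upper() != "ON":
            issues.append("ADMIN_RESTRICTIONS_%s is not ON" % name)
        findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against the contents of each database server's listener.ora; any listener with a non-empty issue list still accepts an unauthenticated STOP as described above.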