OraFAQ Forum: Security » Preventing VERSION request to TNS Listener

Home » RDBMS Server » Security » Preventing VERSION request to TNS Listener

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

Preventing VERSION request to TNS Listener [message #247908]

Wed, 27 June 2007 08:37

criller
Messages: 2
Registered: June 2007
Location: UK

Junior Member

Hello,

Our company has just had a security review done for it's Oracle servers. One item that was flagged was being able to run a VERSION request against the TNS Listener. The VERSION command can give an attacker version numbers of the installed Oracle software that can then be used to discover and exploit vulnerabilities.

How can we protect against this for our internal network? The audit company suggested server-resident firewalls but I'm not sure about this. What do other people do?

Thanks

PJ

Report message to a moderator

Re: Preventing VERSION request to TNS Listener [message #247917 is a reply to message #247908]

Wed, 27 June 2007 09:07

Michel Cadot
Messages: 68722
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Before 10g, you can't.
In 10g, only user in dba group or knowing the listener password can do it (of course you have a password on your listener).

Regards
Michel

Report message to a moderator

Re: Preventing VERSION request to TNS Listener [message #247930 is a reply to message #247908]

Wed, 27 June 2007 09:57

criller
Messages: 2
Registered: June 2007
Location: UK

Junior Member

Michel,

Thanks for your quick reply.

We did have a listener password but this stopped our 3rd party monitoring tools working.

Cheers

PJ

Report message to a moderator

Re: Preventing VERSION request to TNS Listener [message #247946 is a reply to message #247930]

Wed, 27 June 2007 10:57

Michel Cadot
Messages: 68722
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

If you don't have a password to talk with your listener, you don't have a protection against anyone sending a valid command.

[edit: incomprehensible and meaningless sentence, I have to sleep]

Regards
Michel

[Updated on: Wed, 27 June 2007 10:59]

Report message to a moderator

Previous Topic:	critical patch update
Next Topic:	see users logging in

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Wed Dec 11 19:50:40 CST 2024