Novell Home

CVE-2012-1675

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-1675 at MITRE

Description

The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."

NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 760074

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Manager 1.2 for SLE 11 SP1
  • oracle-update >= 0.1-0.5.8.1
Builds
SAT Patch Nr: 6368

© 2014 Novell