The TNS Poison attack is a type of man-in-the-middle attack. With this attack an attacker can hijack a session and can send SQL commands to database from this session. If the hijacked session user has some critical privileges ( like DBA roles ) the attacker can completely manipulate Oracle database.
At this note, I will show you; how you can check that an Oracle database has this vulnerability and the solution for Oracle databases at Oracle 11.2 version.
With nmap ( at Kali ) we can check The TNS Poison attack. We can use; oracle-tns-poison.nse nmap script .This script has not been included in standard distribution. Therefore we add this script into nmap environment and after updating nmap we can use it
First; get oracle-tns-poison.nse script from
Nmap is a free and open source (license) utility for network discovery and security auditing. That’s why you can get all source from github .
Get the script and put it in a file called oracle-tns-poison.nse at /usr/share/nmap directory.
And update nmap with this new script
Now we are ready to use; oracle-tns-poison.nse script.
But first I will show you the target database which has this vulnerability. This is an Oracle 18.104.22.168 database; at standard installation all databases have this vulnerability. And the solution for this vulnerability is to change the listener configuration
Therefore the initial configuration of the listener are given below.
Now check the vulnerability with this command;
nmap –script=oracle-tns-poison.nse -p 1521 22.214.171.124
As you see we have the vulnerability at this site.
The solution for this is to use Valid Node Checking For Registration for the all listeners ; (Metalink Doc ID 1600630.1)
Simply add this parameter for all listeners ( we have one listener only )
And rebounce the listener
Now check the vulnerability again
It is done, It is not vulnerable.
If there was a scan listener In this case ; we would use below configuration
For Oracle 12c database there is no tns-poison vulnerability. Therefore all the time we advise DBAs to upgrade databases for the sake of security.
I will make the same test with Oracle 12c database without any configuration;
And the listener.ora file
Check the vulnerability against this database.
nmap –script=oracle-tns-poison.nse -p 1521 126.96.36.199
As you see ; Oracle 12c is not vulnerable.
Simply ; If you have Oracle 11g database and below , you have tns-poison vulnerability from the beginning. To protect your database ; use Valid Node Checking For Registration for Oracle 11g .
if your version is Oracle 10g the solution is different and very complicated. I do not want to mention the solution here. Do not stay at Oracle 10g version ; the solution is upgrade your database to 11g .
If you have Oracle 12c ; you have nothing to do. You are secure againt tns-poision attack from the beginning .