VULHUB ™

A vulnerability has been reported for the Listener Control utility (LSNRCTL). Reportedly, the Listener Control utility is vulnerable to format string attacks. This vulnerability is due to the default configuration of the Oracle Listener. The Listener, by default, allows users to modify configuration files without authenticating. It is possible for an attacker to modify certain entries in the file, listener.ora, to insert a format string exploit. An attacker exploiting this vulnerability may obtain control over the Listener Control utility.

A vulnerability has been reported for the Listener Control utility (LSNRCTL). Reportedly, the Listener Control utility is vulnerable to format string attacks. This vulnerability is due to the default configuration of the Oracle Listener. The Listener, by default, allows users to modify configuration files without authenticating. It is possible for an attacker to modify certain entries in the file, listener.ora, to insert a format string exploit. An attacker exploiting this vulnerability may obtain control over the Listener Control utility.