Home -> Community -> Usenet -> c.d.o.server -> Re: redirect listener log
>
> You hear the bell ring, but do not know
> where it hangs (or similar, I try to transform a
> Dutch saying here).
> It's about redirecting the traffic, and inserting TCP/IP
> packets when a logon is ongoing.
>
> Patched in the January CPU, René Nyffenegger and Pete
> Finnigan wrote about it. Here's René's article:
> http://www.adp-gmbh.ch/blog/2006/01/24.php, for
> completeness, here's Pete's:
> http://www.petefinnigan.com/weblog/archives/00000699.htm
> --
This is what I read (from Arup Nanda):
Log File Redirection
One of the breaches comes from the exploit available in the listener
code, in which case a hacker might change the log directory to something
other than the default, and then use that to gain valuable information about
the listener, the services, the database, and so on. In a more serious
exploit, the hacker might direct certain commands to be placed in the trace
files that create a user and grant it a DBA role. These commands are then
placed in the glogin.sql file, which is executed automatically every time
someone on the server connects to the database using SQL*Plus. When the DBA
logs in, the code is also executed, which creates this Trojan horse user. To
prevent such an exploit, you should place a password on the listener. When
the user tries to modify these values, the correct password must be
specified. If the wrong password is supplied, the user gets a TNS-1190
error, which also goes to the log file. Here are two sample entries in the
log file, when an incorrect password was issued:
Received on Mon Aug 21 2006 - 14:20:37 CDT
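
As an added example (not part of the post above or of the quoted article), here is one way to scan a listener log for the two events the quoted text describes: listener commands rejected for a bad password, and log or trace redirection that was accepted. The entry layout, the mapping of TNS-1190 to a trailing return code of 1190, and the sample lines are assumptions constructed for illustration.

```python
import re

# Listener parameters whose modification redirects log or trace output.
REDIRECT_COMMANDS = {"log_file", "log_directory", "trc_file", "trc_directory"}

# Assumed entry layout: TIMESTAMP * (CONNECT_DATA=...) * command * return-code
ENTRY = re.compile(
    r"^(?P<ts>\d{2}-[A-Z]{3}-\d{4} \d{2}:\d{2}:\d{2}) \* "
    r"(?P<data>\(CONNECT_DATA=.*\)) \* (?P<cmd>\w+) \* (?P<rc>\d+)$"
)
FIELD = re.compile(r"\((USER|HOST|VALUE)=([^()]*)\)")

# Constructed sample lines for illustration, not taken from a real system.
SAMPLE_LOG = """\
21-AUG-2006 14:02:11 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=db01)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=168821248)) * status * 0
21-AUG-2006 14:05:40 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=ws17)(USER=guest))(COMMAND=log_directory)(ARGUMENTS=4)(SERVICE=LISTENER)(VERSION=168821248)(VALUE=/tmp)) * log_directory * 1190
TNS-01190: The user is not authorized to execute the requested listener command
21-AUG-2006 14:06:02 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=ws17)(USER=guest))(COMMAND=log_file)(ARGUMENTS=4)(SERVICE=LISTENER)(VERSION=168821248)(VALUE=/tmp/listener.log)) * log_file * 0
"""


def scan(log_text):
    """Return alerts for rejected commands and accepted log/trace redirection."""
    alerts = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # continuation lines such as the TNS error text
        fields = dict(FIELD.findall(m["data"]))
        rc = int(m["rc"])
        if rc == 1190:
            kind = "rejected"    # wrong or missing listener password
        elif rc == 0 and m["cmd"] in REDIRECT_COMMANDS:
            kind = "redirected"  # the change was accepted by the listener
        else:
            continue
        alerts.append({"time": m["ts"], "kind": kind, "command": m["cmd"],
                       "host": fields.get("HOST", ""),
                       "user": fields.get("USER", ""),
                       "value": fields.get("VALUE", "")})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```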