Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: redirect listener log

Re: redirect listener log

From: joel garry <>
Date: 21 Aug 2006 13:47:03 -0700
Message-ID: <>

Frank van Bortel wrote:
> astalavista schreef:
> >> You heart the bell ring, but do not know
> >> where it hangs (or similar, I try to transform a
> >> Dutch saying here).
> >> It's about redirecting the traffic, and inserting TCP/IP
> >> packets when a logon is ongoing.
> >>
> >> Patched in the January CPU, René Nyffenegger and Pete
> >> Finnigan wrote about it. Here's René's article:
> >>, for
> >> completeness, here's Pete's:
> >>
> >> --
> > This is what I read (from Arup Nanda )
> >
> > Log File Redirection
> > One of the breaches comes from the exploit available in the listener
> > code, in which case a hacker might change the log directory to something
> > other than the default, and then use that to gain valuable information about
> > the listener, the services, the database, and so on. In a more serious
> > exploit, the hacker might direct certain commands to be placed in the trace
> > files that creates a user and grants it a DBA role. These commands are then
> > placed in the glogin.sql file, which is executed automatically every time
> > someone on the server connects to the database using SQL*Plus. When the DBA
> > logs in, the code is also executed, which creates this Trojan horse user. To
> > prevent such an exploit, you should place a password on the listener. When
> > the user tries to modify these values, the correct password must be
> > specified. If the wrong password is supplied, the user gets a TNS-1190
> > error, which also goes to the log file. Here are two sample entries in the
> > log file, when an incorrect password was issued:
> >
> >
> >
> In both cases, the cracker has access to your machine. says:

"All commands except START can be issued when a listener is administered remotely."

And any recent version including XE:

LSNRCTL> help set log_directory
set|show log_{ } [<value>]: set|show log parameters of current listener

So really, "access to the machine" might be something that otherwise appears benign, not necessarily the dba group, although to do the glogin thing would. Unless of course one could figure out how to use the listener itself to put arbitrary commands into glogin, like by making glogin the log file. Oops, did I say something bad?


-- is bogus.
The IRS is friendlier and more cost-effective than private enterprise:
Received on Mon Aug 21 2006 - 15:47:03 CDT

Original text of this message