2级红色威胁：Oracle Listener Discloses Absolute Path and Environment Variables port 1521/tcp
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
The Listener daemon is used to communicate with the Oracle database. By sending a specific listener command, it is possible to obtain the absolute path of the
Oracle binary as well as the list of environment variables.
An unauthorized user can gather information about the system, which may aid in further attacks.
There is no available patch for this problem. Access to the Oracle database should be restricted by firewalling port 1521 (listener port) to prevent outsiders from
gathering such information.
PATH = D:\oracle\ora92\network\log\listener.log
ENVIRONMENT = 'ORACLE_HOME=D:\oracle\ora92,ORACLE_SID=SECTSDB001'
ENVIRONMENT = 'ORACLE_HOME=D:\oracle\ora92,ORACLE_SID=PLSExtProc'