In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-04 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >
Share
Shulou(Shulou.com)06/01 Report--
About CVE-2012-1675
Green League scanning system, reported a security breach, studied the following
Normal 0 7.8 lb 0 2 false false false EN-US ZH-CN X-NONE
Oracle security warning
It is described in Security warning CVE-2012-1675:
Http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html
The discoverer and description of this vulnerability
Http://seclists.org/fulldisclosure/2012/Apr/204
The vulnerability mainly affects listeners.
The main harm is that attackers can create a database with the same name as the current production database and register it with the monitoring of the production database.
This will cause the user connection to be routed to the instance created by the attacker, resulting in an interruption of the business response
Application reports ORA-12545: Connect failed because target host or object does not exist
Affected version
Although the security warning describes the beginning of 10203, it is actually any version starting from 8i
How to find an attacker
If you encounter an attack, it is not convenient to view the attacker's machine.
At that time, it was tested that the feasible method was to close the database instance and all connections, and check the machines still connected to port 1521.
There is no registrant's IP and hostname information in the listening log
TRC snooping could not find the IP and hostname of the registered listener
How to avoid being affected by this security vulnerability?
1. Setting listeners does not accept dynamic registration, and all instances are registered statically (single instance and RAC without load_balance)
two。 Set to allow only specific IP access listeners
3. Set Class of Secure Transport to allow only local instances or instances of specific machines to register with listeners.
This feature was introduced in 10203, but there is Bug 12880299-TCP handlers block if listener registration is restricted to IPC with COST [ID 12880299.8]
If the patch is not installed, only the dynamic snooping registration of IPC protocol can be restricted, and the default dynamic snooping registration of TCP protocol cannot be restricted.
If you use the TCP protocol between the monitor and the database, you need to install Patch22880299, which is included in each version of the latest PSU (not included in 10203)
11.2.0.4. Patch Set Update
11.2.0.3.3 Patch Set Update
11.2.0.2.7 Patch Set Update
11.1.0.7.12 Patch Set Update
10.2.0.5.8 Patch Set Update
10.2.0.4.13 Patch Set Update
Single instance, RAC of server load balancer is not ready to be enabled. For more information, please see
Using Class of Secure Transport (COST) to Restrict Instance Registration [ID 1453883.1]
Https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1453883.1
RAC that requires server load balancing. Refer to
Using Class of Secure Transport (COST) to Restrict Instance Registration in Oracle RAC [ID 1340831.1]
Https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1340831.1
1. Identify the solution
2. Application solution
3. Verify patching
4.Reference
1. Identify the solution
The solution given by the safety manufacturer:
Link: http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html
Follow this link for a solution:
1 2 3 4Solution Recommendations for protecting against this vulnerability can be found at: My Oracle Support Note 1340831.1 for Oracle Database deployments that use Oracle Real Application Clusters (RAC). My Oracle Support Note 1453883.1 for Oracle Database deployments that do not use RAC.
Currently, the environment here is not RAC. Refer to document 1453883.1:
Using Class of Secure Transport (COST) to Restrict Instance Registration (document ID 1453883.1)
Find two solutions:
1 2 3 4 5 6 7SOLUTION There are two methods that can be used to protect the listener using COST "SECURE_REGISTER_listener_name =" in stand alone database installations. 1) Restricting registration to the TCP protocol (Requires the fix for BUG:12880299)-or-2) Restricting registration to the IPC protocol (The patch for BUG:12880299 is NOT required for the IPC method) Either method accomplishes the same goal but it is your choice which type to implement subject to the restriction* noted below. Both methods will be discussed. The second method (using IPC) cannot be used if the database is a member of an Oracle Data Guard broker configuration.
I choose the first solution here:
1) Restricting registration to the TCP protocol (Requires the fix for BUG:12880299).
two。 Application solution
2.1 determine the status quo
Monitoring profile: listener.ora
Storage path: cd% ORACLE_HOME%/network/admin
Content (ensure security, all IP-related information has been processed twice):
? 12 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 2 listener.ora Network Configuration File: e:\ oracle\ product\ 10.2.0\ db_1\ NETWORK\ ADMIN\ listener.ora # Generated by Oracle configuration tools. LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = IPC) (KEY = EXTPROC1521)) (ADDRESS = (PROTOCOL = TCP) (HOST = 192.168.1.138) (PORT = 1521) SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = PLSExtProc) (ORACLE_HOME = E:\ oracle\ product\ 10.2.0\ db_1) (PROGRAM = extproc) (ENVS = "EXTPROC_DLLS=ANY") SID_DESC = (GLOBAL = orcl) (ORACLE_HOME = E:\ oracle\ product\ 10.2.0\ db_1) (SID_NAME = orcl) ADR_BASE_LISTENER = E:\ oracle
Database listening information, the original are null values:
? 1 2 3 4 5 6 7 8 9SQL > show parameter local_listener NAME TYPE VALUE-local_listener string SQL > show parameter remote_listener NAME TYPE VALUE-remote_listener string SQL >
2.2 try to apply the solution
2.2.1 stop snooping
Lsnrctl stop listener
2.2.2 modify the monitoring profile
1 2Add the COST TCP protocol restriction "SECURE_REGISTER_ [listener _ name] = (TCP)" to the listener.ora. Match the COST parameter variable listener_name with the name of the listener you are using in the listener.ora, e.g., If your listener name is "LISTENER_PROD" then use SECURE_REGISTER_LISTENER_PROD = (TCP)
Actual modification process:
Switch to the path where the listening profile is located:
Cd ORACLE_HOME%/network/admin
Modify the listener.ora file directly by adding a line at the end of the file:
1SECURE_REGISTER_LISTENER = (TCP)
2.2.3 start monitoring
Start monitoring:
1lsnrctl start listener
Register dynamic Monitoring now:
1SQL > alter system register
2.2.4 set local_listener
1 2alter system set local_listener='(DESCRIPTION = (ADDRESS = (PROTOCOL = TCP) (HOST = 192.168.1.138) (PORT = 1521)) 'scope = both; show parameter local_listener
2.2.5 View monitoring service information
1 2 3 4 5lsnrctl services listener E:\ oracle\ product\ 10.2.0\ db_1\ network\ ADMIN > lsnrctl services listener LSNRCTL for 32-bit Windows: Version 10.2.0.3.0-Production on 21-September-2016 10:2 Copyright (c) 1991, 2006, Oracle. All rights reserved.
12 3 4 5 6 7 8 9 10 11 12 13 is connecting to (DESCRIPTION= (ADDRESS= (PROTOCOL=IPC) (KEY = EXTPROC1521)) service summary.. The service "PLSExtProc" contains 1 routine. Routine "PLSExtProc", status UNKNOWN, contains 1 handler for this service. Handler: "DEDICATED" established: 0 rejected: 0 LOCAL SERVER service "orcl" contains 1 routine. Routine "orcl", status UNKNOWN, contains 1 handler for this service. Handler: "DEDICATED" established: 3 rejected: 0 LOCAL SERVER command executed successfully
3. Verify patching
3.1Annotation COST rule verification snooping
3.1.1 comment out the COST rules for listener.ora files and restart snooping
1Comment the COST rule in listener.ora and restart the listener.
Modify the listener.ora file directly, adding a "#" comment to the line you added before.
1#SECURE_REGISTER_LISTENER = (TCP)
Restart monitoring:
1 2lsnrctl stop listener lsnrctl start listener
3.1.2 View the monitoring service information after setting remote_listener
Set up the remote_listener:
1 2SQL > alter system set remote_listener='(ADDRESS = (PROTOCOL = TCP) (HOST = 192.168.1.138) (PORT = 1521)) 'scope=memory; SQL > show parameter remote_listener
Fast dynamic Monitoring Registration:
1SQL > alter system register
Check the monitoring service information and find the word "REMOTE SERVER", indicating that the vulnerability exists at this time:
12 34 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 23 24 25 26 27 29 30 31 33 33 36 37 38 39 40 41E:\ oracle\ product\ 10.2.0\ db_1\ network\ ADMIN > lsnrctl services listener LSNRCTL for 32-bit Windows: Version 10.2.0.3.0-Production on 21-September-2016 4:18 Copyright (c) 1991, 2006, Oracle. All rights reserved. Connecting to (DESCRIPTION= (ADDRESS= (PROTOCOL=IPC) (KEY = EXTPROC1521)) service summary.. The service "PLSExtProc" contains 1 routine. Routine "PLSExtProc", status UNKNOWN, contains 1 handler for this service. Handler: "DEDICATED" established: 0 rejected: 0 LOCAL SERVER service "orcl" contains 2 routines. Routine "orcl", status UNKNOWN, contains 1 handler for this service. Handler: "DEDICATED" established: 0 rejected: 0 LOCAL SERVER routine "orcl", status READY, containing 2 handlers for this service. Handler: "DEDICATED" established: 0 rejected: 0 status: ready LOCAL SERVER "DEDICATED" established: 0 rejected: 0 status: ready REMOTE SERVER (DESCRIPTION= (ADDRESS= (PROTOCOL=IPC) (KEY = EXTPROC1521) Service "orclXDB" contains 1 routine. Routine "orcl", status READY, contains 1 handler for this service. Handler: "D000" established: 0 rejected: 0 current: 0 Max: 1002 status: ready DISPATCHER (ADDRESS= (PROTOCOL=tcp) (HOST=INSPUR-IRMS-138) (PORT=52676)) Service "orcl_XPT" contains 1 routine. Routine "orcl", status READY, contains 2 handlers for this service. Handler: "DEDICATED" established: 0 rejected: 0 status: ready LOCAL SERVER "DEDICATED" established: 0 rejected: 0 status: ready REMOTE SERVER (DESCRIPTION= (ADDRESS= (PROTOCOL=IPC) (KEY = EXTPROC1521) command executed successfully
3.2 Uncomment COST rules to verify listening
3.2.1 uncomment COST rules restart monitoring and quickly register to verify monitoring service information
Remove the "#" sign before the end of the listening file:
1SECURE_REGISTER_LISTENER = (TCP)
Restart monitoring:
1 2lsnrctl stop listener lsnrctl start listener
Quickly register for dynamic monitoring:
1SQL > alter system register
Verify the information of the listening service. According to the description of the official file, there should be no "REMOTE SERVER" in normal:
12 34 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 23 24 25 26 27 28 29 31 32 33 35 36 37 38E:\ oracle\ product\ 10.2.0\ db_1\ network\ ADMIN > lsnrctl services listener LSNRCTL for 32-bit Windows: Version 10.2.0.3.0-Production on 21-September-2016 0:23 Copyright (c) 1991, 2006, Oracle. All rights reserved. Connecting to (DESCRIPTION= (ADDRESS= (PROTOCOL=IPC) (KEY = EXTPROC1521)) service summary.. The service "PLSExtProc" contains 1 routine. Routine "PLSExtProc", status UNKNOWN, contains 1 handler for this service. Handler: "DEDICATED" established: 0 rejected: 0 LOCAL SERVER service "orcl" contains 2 routines. Routine "orcl", status UNKNOWN, contains 1 handler for this service. Handler: "DEDICATED" created: 1 rejected: 0 LOCAL SERVER routine "orcl", status READY, containing 1 handler for this service. Handler: "DEDICATED" established: 0 rejected: 0 status: blocked REMOTE SERVER (DESCRIPTION= (ADDRESS= (PROTOCOL=IPC) (KEY = EXTPROC1521) Service "orclXDB" contains 1 routine. Routine "orcl", status READY, contains 1 handler for this service. Handler: "D000" established: 0 rejected: 0 current: 0 Max: 1002 status: ready DISPATCHER (ADDRESS= (PROTOCOL=tcp) (HOST=INSPUR-IRMS-138) (PORT=52676)) Service "orcl_XPT" contains 1 routine. Routine "orcl", status READY, contains 1 handler for this service. Handler: "DEDICATED" has been established: 0 rejected: 0 status: blocked REMOTE SERVER (DESCRIPTION= (ADDRESS= (PROTOCOL=IPC) (KEY = EXTPROC1521)) command is successfully executed and the word "REMOTE SERVER" is actually found, but the corresponding listeners are all blocked.
3.2.2 View Monitoring Log
Cd ORACLE_HOME%/network/log
The listener.log log file already has TNS-01194 information, which is consistent with the official file:
1 23 4 5 6 721-September-2016 11:00:23 * (CONNECT_DATA= (CID= (PROGRAM=) (HOST=) (USER = Administrator)) (COMMAND=services) (ARGUMENTS=64) (SERVICE=listener) (VERSION=169870080)) * services * 021-September-2016 11:00:54 * service_register_NSGR * 1194 TNS-01194: listener commands did not reach secure transmission 21-September-2016 11:01:54 * service_register_NSGR * 1194 TNS-01194: monitor Program commands did not reach secure transfer 21-September-2016 11:02:54 * service_register_NSGR * 1194 TNS-01194: listener commands did not reach secure transfer
3.2.3 restore remote_listener settings
Test complete, restore remote_listener settings
1 2alter system set remote_listener= 'scope=memory; SQL > alter system set remote_listener=' scope=memory
3.2.4 View monitoring service information
12 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17E:\ oracle\ product\ 10.2.0\ db_1\ network\ ADMIN > lsnrctl services listener LSNRCTL for 32-bit Windows: Version 10.2.0.3.0-Production on 21-September-2016 2:17 Copyright (c) 1991, 2006, Oracle. All rights reserved. Connecting to (DESCRIPTION= (ADDRESS= (PROTOCOL=IPC) (KEY = EXTPROC1521)) service summary.. The service "PLSExtProc" contains 1 routine. Routine "PLSExtProc", status UNKNOWN, contains 1 handler for this service. Handler: "DEDICATED" established: 0 rejected: 0 LOCAL SERVER service "orcl" contains 1 routine. Routine "orcl", status UNKNOWN, contains 1 handler for this service. Handler: "DEDICATED" established: 1 rejected: 0 LOCAL SERVER command executed successfully
4.Reference
Using Class of Secure Transport (COST) to Restrict Instance Registration (document ID 1453883.1)
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.