Shulou(Shulou.com)06/01 Report--

Environment: Windows 2008 R2 + Oracle 10.2.0.3

After applying the latest bundle patch, the scan still reported a vulnerability Oracle Database Server 'TNS Listener' remote data poisoning vulnerability (CVE-2012-1675)

1. Identify solution 2. Application solution 3. Verify the patching condition of 4.Reference1. Identify the solution

The solution given by the safety manufacturer:

Link: http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html

Follow this link for a solution:

Solution

Recommendations for protecting against this vulnerability can be found at:

My Oracle Support Note 1340831.1 for Oracle Database deployments that use Oracle Real Application Clusters (RAC).

My Oracle Support Note 1453883.1 for Oracle Database deployments that do not use RAC.

Currently, the environment here is not RAC. Refer to document 1453883.1:

Using Class of Secure Transport (COST) to Restrict Instance Registration (document ID 1453883.1)

Find two solutions:

SOLUTION

There are two methods that can be used to protect the listener using COST "SECURE_REGISTER_listener_name =" in stand alone database installations.

1) Restricting registration to the TCP protocol (Requires the fix for BUG:12880299)

-2. Apply solution 2.1 to determine the status quo

Monitoring profile: listener.ora

Storage path: cd% ORACLE_HOME%/network/admin

Content (secure, all IP related information has been reprocessed): # listener.ora Network Configuration 2.2 try to apply the solution

2.2.1 stop snooping

Lsnrctl stop listener

2.2.2 modify the monitoring profile

Add the COST TCP protocol restriction "SECURE_REGISTER_ [listener _ name] = (TCP)" to the listener.ora.

Match the COST parameter variable listener_name with the name of the listener you are using in the listener.ora, e.g., If your listener name is "LISTENER_PROD" then use SECURE_REGISTER_LISTENER_PROD = (TCP)

Actual modification process:

Switch to the path where the listening configuration file is located: 3. Verify patches 3.1 comment COST rules verify listening

3.1.1 comment out the COST rules for listener.ora files and restart snooping

Comment the COST rule in listener.ora and restart the listener.

Modify the listener.ora file directly, adding a "#" comment to the line you added before. # SECURE_REGISTER_LISTENER = (3.2Uncomment COST rule verification listening

3.2.1 uncomment COST rules restart monitoring and quickly register to verify monitoring service information

Remove the "#" sign before the end of the listening file:

SECURE_REGISTER_LISTENER = (TCP)

Restart snooping: lsnrctl stop listenerlsnrctl start listener

Quick registration of dynamic monitoring: SQL > alter system register

Verify the listening service information. According to the official description, there should be no "REMOTE SERVER" in normal: e:\ oracle\ product\ 10.2.0\ db_1\ network\ ADMIN > lsnrctl services listener LSNRCTL for 32-bit Windows: Version 10.2.0.3.0-Production on 21-September-2016 0:23 Copyright (c) 1991, 2006, Oracle. All rights reserved. Connecting to (DESCRIPTION= (ADDRESS= (PROTOCOL=IPC) (KEY=EXTPROC1521) service summary.. The service "PLSExtProc" contains 1 routine. Routine "PLSExtProc", status UNKNOWN, contains 1 handler for this service. Handler: "DEDICATED" established: 0 rejected: 0 LOCAL SERVER service "orcl" contains 2 routines. Routine "orcl", status UNKNOWN, contains 1 handler for this service. Handler: "DEDICATED" created: 1 rejected: 0 LOCAL SERVER routine "orcl", status READY, containing 1 handler for this service. Handler: "DEDICATED" established: 0 rejected: 0 status: blocked REMOTE SERVER (DESCRIPTION= (ADDRESS= (PROTOCOL=IPC) (KEY=EXTPROC1521) service "orclXDB" contains 1 routine. Routine "orcl", status READY, contains 1 handler for this service. Handler: "D000" established: 0 rejected: 0 current: 0 Max: 1002 status: ready DISPATCHER (ADDRESS= (PROTOCOL=tcp) (HOST=INSPUR-IRMS-138) (PORT=52676)) Service "orcl_XPT" contains 1 routine. Routine "orcl", status READY, contains 1 handler for this service. Handler: "DEDICATED" established: 0 rejected: 0 status: blocked REMOTE SERVER (DESCRIPTION= (ADDRESS= (PROTOCOL=IPC) (KEY=EXTPROC1521) command executed successfully

Actually found the word "REMOTE SERVER", but the corresponding monitoring is blocked.

3.2.2 View Monitoring Log

Cd ORACLE_HOME%/network/log

The listener.log log file already has TNS-01194 information Consistent with official documents: 21-September-2016 11:00:23 * (CONNECT_DATA= (CID= (PROGRAM=) (HOST=) (USER=Administrator)) (COMMAND=services) (ARGUMENTS=64) (SERVICE=listener) (VERSION=169870080)) * services * 021-September-2016 11:00:54 * service_register_NSGR * 1194TNS-01194: listener commands did not reach secure transmission 21-September-2016 11:01:54 * service_register_NSGR * 1194TNS-01194: monitor Program commands did not reach secure transfer 21-September-2016 11:02:54 * service_register_NSGR * 1194TNS-01194: listener commands did not reach secure transfer

3.2.3 restore remote_listener settings

Test complete, restore remote_listener settings

Alter system set remote_listener='' scope=memory; SQL > alter system set remote_listener='' scope=memory

3.2.4 View the monitoring service information E:\ oracle\ product\ 10.2.0\ db_1\ network\ ADMIN > lsnrctl services listener LSNRCTL for 32-bit Windows: Version 10.2.0.3.0-Production on 21-September-2016 11:2 product (c) 1991, 2006, Oracle. All rights reserved. Connecting to (DESCRIPTION= (ADDRESS= (PROTOCOL=IPC) (KEY=EXTPROC1521) service summary.. The service "PLSExtProc" contains 1 routine. Routine "PLSExtProc", status UNKNOWN, contains 1 handler for this service. Handler: "DEDICATED" established: 0 rejected: 0 LOCAL SERVER service "orcl" contains 1 routine. Routine "orcl", status UNKNOWN, contains 1 handler for this service. Handler: "DEDICATED" established: 1 rejected: 0 LOCAL SERVER command executed successfully

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.