I had the same response from Oracle to my SR on a related subject. Though I may switch to IPC, I no longer do dynamic registrations, at least for now. Cheers, Wayne - "Never argue with an idiot. They drag you down to their level and then beat you with experience." - Unknown On Thu, May 10, 2012 at 4:34 PM, Jiang, Lu <Lu.Jiang@xxxxxxxxxxxx> wrote: > Turnning dynamic_registration off workaround is supported if we don't > care about dynamically registering instances :) > The following is what I got from Oracle support, this is regarding our > 10.2.0.3 EBS database. > We don't recommend setting dynamic registration OFF. Allowing PMON to > dynamically register an instance is considered Best Practice even in > non-RAC installations. > > The IPC workaround is the recommended solution for non-RAC installations. > > Having said that, you can certainly turn off dynamic registration and it > will protect your listener from this vulnerability. > The setting is supported by Oracle. > > > > From: Carol Dacko [mailto:dackoc@xxxxxxxxx] > Sent: Thursday, May 03, 2012 5:37 PM > To: Allen, Brandon > Cc: oracle Freelists; Lu.Jiang@xxxxxxxxxxxx; bdbafh@xxxxxxxxx > Subject: Re: Oracle Security Alert for CVE-2012-1675 - 10g extended support > > Our 10g databases use 10g listeners, our 11g databases, 11g listeners. > > I have not tested yet to see if it protects the 10g listeners with that > work around. That will be a task for tomorrow. > > HTH! > Carol > On Thu, May 3, 2012 at 2:50 PM, Allen, Brandon <Brandon.Allen@xxxxxxxxxxx > <mailto:Brandon.Allen@xxxxxxxxxxx>> wrote: > Thanks Carol, but the dynamic_registration_listener_name parameter appears > to be undocumented in 10g (as far as I could tell) and therefore may not be > fully supported. I found it here in the 11.2 doc: > > > http://docs.oracle.com/cd/E11882_01/network.112/e10835/listener.htm#BGBCEJHE > > But, couldn't find it anywhere in the 10.2 doc. I also found MOS doc > 130574.1, which suggests using the dynamic_registration_listener_name > parameter only in 11g and up and says that dynamic registration "can't be > disabled in versions 10g and lower from the listener side". I haven't > tested it myself yet, but from your info below, it sounds like the > parameter does work in 10g, or are your 10g databases only using 11g > listeners? > > Thanks, > Brandon > > > > -----Original Message----- > From: oracle-l-bounce@xxxxxxxxxxxxx<mailto:oracle-l-bounce@xxxxxxxxxxxxx> > [mailto:oracle-l-bounce@xxxxxxxxxxxxx<mailto:oracle-l-bounce@xxxxxxxxxxxxx>] > On Behalf Of Carol Dacko > > > All, > *THE FOLLOWING IS NOT APPLICABLE FOR RAC* - only single instance Oracle > databases > > This is what we are doing to protect our 10g and 11g versions of the > listener before we can apply the workaround described in the CVE_2012_1675. > > Directions > 1) Save listener.ora file to listener.ora.OLD1 > 2) Edit the listener.ora file by putting in > DYNAMIC_REGISTRATION_<NAME_OF_LISTENER> = OFF > <snip> > > > ________________________________ > > Privileged/Confidential Information may be contained in this message or > attachments hereto. Please advise immediately if you or your employer do > not consent to Internet email for messages of this kind. Opinions, > conclusions and other information in this message that do not relate to the > official business of this company shall be understood as neither given nor > endorsed by it. > > > -- > //www.freelists.org/webpage/oracle-l > > > -- //www.freelists.org/webpage/oracle-l