RE: Oracle Security Alert for CVE-2012-1675 - 10g extended support
- From: Herring Dave - dherri <Dave.Herring@xxxxxxxxxx>
- To: "Brandon.Allen@xxxxxxxxxxx" <Brandon.Allen@xxxxxxxxxxx>, "dackoc@xxxxxxxxx" <dackoc@xxxxxxxxx>, oracle Freelists <Oracle-L@xxxxxxxxxxxxx>
- Date: Thu, 3 May 2012 19:39:52 +0000
DYNAMIC_REGISTRATION_<listener> is a part of listener feature changes
(including COST) that were added to 10.2.0.3 (from what I've read) and above
but not included in the doc under 11g.
DAVID HERRING
DBA
Acxiom Corporation
EML dave.herring@xxxxxxxxxx
TEL 630.944.4762
MBL 630.430.5988
1501 Opus Pl, Downers Grove, IL 60515, USA
WWW.ACXIOM.COM
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Allen, Brandon
Sent: Thursday, May 03, 2012 1:51 PM
To: dackoc@xxxxxxxxx; oracle Freelists
Cc: Lu.Jiang@xxxxxxxxxxxx; bdbafh@xxxxxxxxx
Subject: RE: Oracle Security Alert for CVE-2012-1675 - 10g extended support
Thanks Carol, but the dynamic_registration_listener_name parameter appears to
be undocumented in 10g (as far as I could tell) and therefore may not be fully
supported. I found it here in the 11.2 doc:
http://docs.oracle.com/cd/E11882_01/network.112/e10835/listener.htm#BGBCEJHE
But, couldn't find it anywhere in the 10.2 doc. I also found MOS doc 130574.1,
which suggests using the dynamic_registration_listener_name parameter only in
11g and up and says that dynamic registration "can't be disabled in versions
10g and lower from the listener side". I haven't tested it myself yet, but
from your info below, it sounds like the parameter does work in 10g, or are
your 10g databases only using 11g listeners?
Thanks,
Brandon
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Carol Dacko
All,
*THE FOLLOWING IS NOT APPLICABLE FOR RAC* - only single instance Oracle
databases
This is what we are doing to protect our 10g and 11g versions of the listener
before we can apply the workaround described in the CVE_2012_1675.
Directions=
1) Save listener.ora file to listener.ora.OLD1
2) Edit the listener.ora file by putting in
DYNAMIC_REGISTRATION_<NAME_OF_LISTENER> = OFF
<snip>
________________________________
Privileged/Confidential Information may be contained in this message or
attachments hereto. Please advise immediately if you or your employer do not
consent to Internet email for messages of this kind. Opinions, conclusions and
other information in this message that do not relate to the official business
of this company shall be understood as neither given nor endorsed by it.
--
//www.freelists.org/webpage/oracle-l
***************************************************************************
The information contained in this communication is confidential, is
intended only for the use of the recipient named above, and may be legally
privileged.
If the reader of this message is not the intended recipient, you are
hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited.
If you have received this communication in error, please resend this
communication to the sender and delete the original message or any copy
of it from your computer system.
Thank You.
****************************************************************************
--
//www.freelists.org/webpage/oracle-l
Other related posts:
