Environment: Windows 2008 R2 + Oracle 10.2.0.3
After applying the latest bundle patch, the vulnerability scanner still reported "Oracle Database Server 'TNS Listener' Remote Data Poisoning Vulnerability" (CVE-2012-1675).
1. Determine the solution
2. Apply the solution
3. Verify the fix
4. Reference
1. Determine the solution
The remediation suggested by the security vendor:
Link: http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html
The alert at that link gives the following guidance:
Solution
Recommendations for protecting against this vulnerability can be found at:
My Oracle Support Note 1340831.1 for Oracle Database deployments that use Oracle Real Application Clusters (RAC).
My Oracle Support Note 1453883.1 for Oracle Database deployments.
This environment is not RAC, so document 1453883.1 applies:
Using Class of Secure Transport (COST) to Restrict Instance Registration (Doc ID 1453883.1)
It gives two methods:
SOLUTION
There are two methods that can be used to protect the listener using COST "SECURE_REGISTER_listener_name =" in stand-alone database installations.
1) Restricting registration to the TCP protocol (Requires the fix for BUG:12880299)
- or -
2) Restricting registration to the IPC protocol (The patch for BUG:12880299 is NOT required for the IPC method)
Either method accomplishes the same goal but it is your choice which type to implement subject to the restriction* noted below. Both methods will be discussed.
• The second method (using IPC) cannot be used if the database is a member of an Oracle Data Guard broker configuration.
I chose the first method here:
1) Restricting registration to the TCP protocol (Requires the fix for BUG:12880299).
2. Apply the solution
2.1 Record the current state
Listener configuration file: listener.ora
Location: %ORACLE_HOME%/network/admin (cd %oracle_home%/network/admin)
Content (to keep the deployment safe, all IP-related information has been altered):
# listener.ora Network Configuration File: E:\oracle\product\10.2.0\db_1\network\admin\listener.ora
# Generated by Oracle configuration tools.

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.138)(PORT = 1521))
    )
  )

SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = E:\oracle\product\10.2.0\db_1)
      (PROGRAM = extproc)
      (ENVS = "EXTPROC_DLLS=ANY")
    )
    (SID_DESC =
      (GLOBAL_DBNAME = ORCL)
      (ORACLE_HOME = E:\oracle\product\10.2.0\db_1)
      (SID_NAME = ORCL)
    )
  )
Listener-related database parameters, both empty to begin with:
SQL> show parameter local_listener

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
local_listener                       string
SQL> show parameter remote_listener

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
remote_listener                      string
2.2 Apply the solution
2.2.1 Stop the listener
lsnrctl stop listener
2.2.2 Modify the listener configuration file
Add the COST TCP protocol restriction "SECURE_REGISTER_[listener_name] = (TCP)" to the listener.ora.
Match the COST parameter variable listener_name with the name of the listener you are using in the listener.ora, e.g., if your listener name is 'LISTENER_PROD' then use SECURE_REGISTER_LISTENER_PROD = (TCP)
Actual modification steps:
Switch to the directory that holds the listener configuration file:
cd %oracle_home%/network/admin
Edit listener.ora directly and add one line at the end of the file (the listener here is named LISTENER, so the line is SECURE_REGISTER_LISTENER = (TCP)):
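As an added example (not part of the original post and not an Oracle tool), the following Python script audits a listener.ora for exactly this setting: it lists every listener defined in the file and reports whether a matching SECURE_REGISTER_<listener> line restricts service registration to TCP, TCPS and/or IPC. The two listener.ora texts inside it are constructed samples modeled on the file above (with a documentation address instead of the real host), and the function names are my own.

```python
import re

# Constructed sample: a listener.ora from before the change (no COST rule).
BEFORE = """
# listener.ora Network Configuration File (constructed sample)
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.0.2.10)(PORT = 1521))
    )
  )

SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (GLOBAL_DBNAME = ORCL)
      (ORACLE_HOME = E:\\oracle\\product\\10.2.0\\db_1)
      (SID_NAME = ORCL)
    )
  )
"""

# Constructed sample: the same file with the COST rule appended, as done above.
AFTER = BEFORE + "\nSECURE_REGISTER_LISTENER = (TCP)\n"

KEY_RE = re.compile(r"\s*([A-Za-z][A-Za-z0-9_]*)\s*=\s*")
VALID_TRANSPORTS = {"TCP", "TCPS", "IPC"}


def parse_listener_ora(text):
    """Return {KEY: value} for every top-level 'KEY = value' in a listener.ora.

    A value is either one balanced parenthesised group, e.g. (DESCRIPTION_LIST=...)
    or (TCP), or a bare token up to end of line, e.g. ADMIN_RESTRICTIONS_LISTENER = ON.
    Comment lines (starting with #) are dropped first.
    """
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    entries = {}
    pos = 0
    while True:
        m = KEY_RE.match(body, pos)
        if not m:
            break
        key, pos = m.group(1).upper(), m.end()
        if pos < len(body) and body[pos] == "(":
            depth, end = 0, pos
            while end < len(body):            # scan to the matching close paren
                if body[end] == "(":
                    depth += 1
                elif body[end] == ")":
                    depth -= 1
                    if depth == 0:
                        end += 1
                        break
                end += 1
        else:
            end = body.find("\n", pos)
            if end == -1:
                end = len(body)
        entries[key] = body[pos:end].strip()
        pos = end
    return entries


def audit_cost(text):
    """Return {listener_name: (status, transports)} for each listener in the file.

    status is 'restricted' when SECURE_REGISTER_<name> names only known transports,
    'unrestricted' when the parameter is absent (any client can register services,
    which is the CVE-2012-1675 condition), and 'invalid' when it holds an unknown value.
    """
    entries = parse_listener_ora(text)
    # A listener definition is a top-level key whose value is a DESCRIPTION(_LIST).
    listeners = [k for k, v in entries.items() if v.upper().startswith("(DESCRIPTION")]
    report = {}
    for name in listeners:
        rule = entries.get("SECURE_REGISTER_" + name)
        if rule is None:
            report[name] = ("unrestricted", [])
            continue
        transports = [t.strip().upper() for t in rule.strip("()").split(",") if t.strip()]
        ok = bool(transports) and all(t in VALID_TRANSPORTS for t in transports)
        report[name] = ("restricted" if ok else "invalid", transports)
    return report


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for name, (status, transports) in audit_cost(text).items():
            print(f"{label}: listener {name}: {status} {transports}")
```

Run it against the real file with `audit_cost(open(path).read())`; a listener reported as unrestricted is one that still accepts dynamic registration over any transport.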
2.2.3 Start the listener
Start the listener:
lsnrctl start listener
Then force dynamic service registration immediately:
SQL> alter system register;
2.2.4 Set LOCAL_LISTENER
SQL> alter system set local_listener='(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.138)(PORT=1521)))' scope=both;
2.2.5 View the listener service information
lsnrctl services listener
E:\ORACLE\PRODUCT\10.2.0\DB_1\NETWORK\ADMIN>lsnrctl services listener

LSNRCTL for 32-bit Windows: Version 10.2.0.3.0 - Production on 21-SEP-2016 10:22:02

Copyright (c) 1991, 2006, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0
         LOCAL SERVER
Service "ORCL" has 1 instance(s).
  Instance "ORCL", status UNKNOWN, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:3 refused:0
         LOCAL SERVER
3. Verify the fix
3.1 Comment out the COST rule and check the listener
3.1.1 Comment out the COST rule in listener.ora and restart the listener
Comment out the rule in listener.ora and restart the listener.
Edit listener.ora directly and prefix the line added earlier with "#" to comment it out.
Restart the listener (lsnrctl stop listener, then lsnrctl start listener):
3.1.2 Set REMOTE_LISTENER and view the listener service information
Set REMOTE_LISTENER:
SQL> alter system set remote_listener='(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.138)(PORT=1521))' scope=memory;
Force dynamic registration:
SQL> alter system register;
View the listener service information: the words "REMOTE SERVER" appear, which shows that the vulnerability exists at this point:
E:\ORACLE\PRODUCT\10.2.0\DB_1\NETWORK\ADMIN>lsnrctl services listener

LSNRCTL for 32-bit Windows: Version 10.2.0.3.0 - Production on 21-SEP-2016 10:44:18

Copyright (c) 1991, 2006, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0
         LOCAL SERVER
Service "orcl" has 2 instance(s).
  Instance "orcl", status UNKNOWN, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0
         LOCAL SERVER
  Instance "orcl", status READY, has 2 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0 state:ready
         LOCAL SERVER
      "DEDICATED" established:0 refused:0 state:ready
         REMOTE SERVER
         (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
Service "orclXDB" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
    Handler(s):
      "D000" established:0 refused:0 current:0 max:1002 state:ready
         DISPATCHER <machine: INSPUR-IRMS-138, pid: 6728>
         (ADDRESS=(PROTOCOL=tcp)(HOST=INSPUR-IRMS-138)(PORT=52676))
Service "orcl_XPT" has 1 instance(s).
  Instance "orcl", status READY, has 2 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0 state:ready
         LOCAL SERVER
      "DEDICATED" established:0 refused:0 state:ready
         REMOTE SERVER
         (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
The command completed successfully
3.2 Re-enable the COST rule and check the listener
3.2.1 Uncomment the COST rule, restart the listener, force registration and check the listener service information
Remove the "#" in front of the line at the end of listener.ora:
Restart the listener (lsnrctl stop listener, then lsnrctl start listener):
Force dynamic registration:
SQL> alter system register;
Check the listener service information; according to the official document, the words "REMOTE SERVER" should normally not appear:
E:\ORACLE\PRODUCT\10.2.0\DB_1\NETWORK\ADMIN>lsnrctl services listener

LSNRCTL for 32-bit Windows: Version 10.2.0.3.0 - Production on 21-SEP-2016 11:00:23

Copyright (c) 1991, 2006, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0
         LOCAL SERVER
Service "ORCL" has 2 instance(s).
  Instance "ORCL", status UNKNOWN, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:1 refused:0
         LOCAL SERVER
  Instance "ORCL", status READY, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0 state:blocked
         REMOTE SERVER
         (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
Service "ORCLXDB" has 1 instance(s).
  Instance "ORCL", status READY, has 1 handler(s) for this service...
    Handler(s):
      "D000" established:0 refused:0 current:0 max:1002 state:ready
         DISPATCHER <machine: INSPUR-IRMS-138, pid: 6728>
         (ADDRESS=(PROTOCOL=tcp)(HOST=INSPUR-IRMS-138)(PORT=52676))
Service "ORCL_XPT" has 1 instance(s).
  Instance "ORCL", status READY, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0 state:blocked
         REMOTE SERVER
         (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
The command completed successfully
The words "REMOTE SERVER" do in fact still appear, but the corresponding handler is now blocked.
3.2.2 View the listener log
cd %oracle_home%/network/log
listener.log already contains TNS-01194 entries, consistent with the official document:
21-SEP-2016 11:00:23 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=Administrator))(COMMAND=services)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870080)) * services * 0
21-SEP-2016 11:00:54 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
21-SEP-2016 11:01:54 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
21-SEP-2016 11:02:54 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
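The two checks carried out in sections 3.1 and 3.2 (looking for REMOTE SERVER handlers in lsnrctl services output, and for TNS-01194 rejections in listener.log) are easy to automate so they can be rerun after every listener change. The following Python script is an added example, not part of the original post: it parses constructed excerpts of lsnrctl services output and of listener.log that are modeled on the ones above (with the documentation address 192.0.2.10 standing in for the real host), and flags any remotely registered handler that is not in state blocked. Function names are my own.

```python
import re

# Constructed excerpt of `lsnrctl services` output before COST was enabled:
# the remotely registered handlers are in state ready (the vulnerable condition).
VULNERABLE = """\
Services Summary...
Service "orcl" has 2 instance(s).
  Instance "orcl", status UNKNOWN, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0
         LOCAL SERVER
  Instance "orcl", status READY, has 2 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0 state:ready
         LOCAL SERVER
      "DEDICATED" established:0 refused:0 state:ready
         REMOTE SERVER
         (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.0.2.10)(PORT=1521)))
Service "orcl_XPT" has 1 instance(s).
  Instance "orcl", status READY, has 2 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0 state:ready
         LOCAL SERVER
      "DEDICATED" established:0 refused:0 state:ready
         REMOTE SERVER
         (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.0.2.10)(PORT=1521)))
The command completed successfully
"""

# Constructed excerpt after COST was enabled: the same remote handlers are blocked.
PROTECTED = VULNERABLE.replace("state:ready\n         REMOTE SERVER",
                               "state:blocked\n         REMOTE SERVER")

# Constructed listener.log excerpt: a services command, then two registration
# attempts refused by COST with TNS-01194.
LISTENER_LOG = """\
21-SEP-2016 11:00:23 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=Administrator))(COMMAND=services)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870080)) * services * 0
21-SEP-2016 11:00:54 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
21-SEP-2016 11:01:54 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
"""

SERVICE_RE = re.compile(r'^Service "([^"]+)" has')
INSTANCE_RE = re.compile(r'^\s*Instance "([^"]+)", status (\w+)')
HANDLER_RE = re.compile(r'^\s*"([^"]+)" established:(\d+) refused:(\d+)(?:.*\bstate:(\w+))?')
LOCATION_RE = re.compile(r'^\s*(LOCAL SERVER|REMOTE SERVER|DISPATCHER)')
REJECT_RE = re.compile(r'^(\S+ \S+) \* service_register_\w+ \* 1194\b', re.IGNORECASE)


def parse_services(output):
    """Turn `lsnrctl services` text into a list of handler dicts.

    Each handler line is followed by a line saying where it runs (LOCAL SERVER,
    REMOTE SERVER or DISPATCHER); that line is attached to the handler parsed
    just before it.
    """
    handlers, service, instance = [], None, None
    for line in output.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            service = m.group(1)
            continue
        m = INSTANCE_RE.match(line)
        if m:
            instance = m.group(1)
            continue
        m = HANDLER_RE.match(line)
        if m:
            handlers.append({
                "service": service, "instance": instance, "handler": m.group(1),
                "established": int(m.group(2)), "refused": int(m.group(3)),
                "state": (m.group(4) or "").lower(), "location": None,
            })
            continue
        m = LOCATION_RE.match(line)
        if m and handlers and handlers[-1]["location"] is None:
            handlers[-1]["location"] = m.group(1)
    return handlers


def unblocked_remote_handlers(output):
    """Handlers the listener accepted from a remote registration and still serves.

    With COST in place a remote registration shows up as REMOTE SERVER in
    state:blocked (or not at all); anything else here needs investigating.
    """
    return [h for h in parse_services(output)
            if h["location"] == "REMOTE SERVER" and h["state"] != "blocked"]


def rejected_registrations(log_text):
    """Timestamps of registration attempts the listener refused with TNS-01194."""
    return [m.group(1) for m in (REJECT_RE.match(l) for l in log_text.splitlines()) if m]


if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE), ("protected", PROTECTED)):
        bad = unblocked_remote_handlers(text)
        print(f"{label}: {len(bad)} unblocked remote handler(s)",
              [(h["service"], h["state"]) for h in bad])
    print("TNS-01194 rejections:", rejected_registrations(LISTENER_LOG))
```

On a live system, feed `unblocked_remote_handlers` the captured output of `lsnrctl services <listener>` and `rejected_registrations` the listener.log; an empty first result together with a growing second one is the picture the document describes for a protected stand-alone listener.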
3.2.3 Restore the REMOTE_LISTENER setting
Test complete; restore the REMOTE_LISTENER setting:
SQL> alter system set remote_listener='' scope=memory;
3.2.4 View the listener service information
E:\ORACLE\PRODUCT\10.2.0\DB_1\NETWORK\ADMIN>lsnrctl services listener

LSNRCTL for 32-bit Windows: Version 10.2.0.3.0 - Production on 21-SEP-2016 11:22:17

Copyright (c) 1991, 2006, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0
         LOCAL SERVER
Service "ORCL" has 1 instance(s).
  Instance "ORCL", status UNKNOWN, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:1 refused:0
         LOCAL SERVER
The command completed successfully
4. Reference
Using Class of Secure Transport (COST) to Restrict Instance Registration (Doc ID 1453883.1)