RE: Oracle Security Alert for CVE-2012-1675 - 10g extended support

From: Allen, Brandon <Brandon.Allen_at_OneNeck.com>
Date: Thu, 3 May 2012 18:50:47 +0000
Message-ID: <A250F0C68C23514CA9F3DF63D60EE10E0D601278_at_onews31>



Thanks Carol, but the dynamic_registration_listener_name parameter appears to be undocumented in 10g (as far as I could tell) and therefore may not be fully supported. I found it here in the 11.2 doc:

http://docs.oracle.com/cd/E11882_01/network.112/e10835/listener.htm#BGBCEJHE

But, couldn't find it anywhere in the 10.2 doc. I also found MOS doc 130574.1, which suggests using the dynamic_registration_listener_name parameter only in 11g and up and says that dynamic registration "can't be disabled in versions 10g and lower from the listener side". I haven't tested it myself yet, but from your info below, it sounds like the parameter does work in 10g, or are your 10g databases only using 11g listeners?

Thanks,
Brandon

-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Carol Dacko

All,
*THE FOLLOWING IS NOT APPLICABLE FOR RAC* - only single instance Oracle databases

This is what we are doing to protect our 10g and 11g versions of the listener before we can apply the workaround described in the CVE_2012_1675.

Directions=

  1. Save listener.ora file to listener.ora.OLD1
  2. Edit the listener.ora file by putting in DYNAMIC_REGISTRATION_<NAME_OF_LISTENER> = OFF

<snip>


Privileged/Confidential Information may be contained in this message or attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of this company shall be understood as neither given nor endorsed by it.

--
http://www.freelists.org/webpage/oracle-l
Received on Thu May 03 2012 - 13:50:47 CDT

Original text of this message