【转】Oracle Database Server 'TNS Listener'远程数据投毒漏洞（CVE-2012-1675）

来源：http://blog.csdn.net/brj880719/article/details/53158507

 

安全公告：http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html

一、解决方案

1. RAC：My Oracle Support Note 1340831.1
   
2. 非 RAC：My Oracle Support Note 1453883.1 
   

二、简单举例：非 RAC 操作步骤，1453883.1文档中 1)

1. 解决方案分两种
   • Restricting registration to the TCP protocol (Requires the fix for BUG:12880299)
   • Restricting registration to the IPC protocol (The patch for BUG:12880299 is NOT required for the IPC method)
2. 添加"SECURE_REGISTER_[listener_name] = (TCP)"
   
   LISTENER_PROD =
     (DESCRIPTION_LIST =
       (DESCRIPTION =
         (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.66.101)(PORT = 1521))
       ))
   
   
   SECURE_REGISTER_LISTENER_PROD = (TCP)
3. 重启监听
   
   
4. 注册监听
   • SQL> alter system register;
     
5. 校验

• 设置remote_listener参数
  alter system set remote_listener='(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.66.101)(PORT=1551))' scope=memory;
• 查看监听服务状态
  lsnrctl services listener
• 如果remote状态没有或为block状态，则为成功