Errors implementing the ORACLE Security patch CVE-2012-1675 in a TWO_TASK
- Article Type: General
- Product: Aleph
- Product Version: 20
Problem Symptoms:
* While executing the script ./ora_listener_patch, the following error is displayed:
0] servername:/opt/app/XXXTST/scripts/admin # ./ora_listener_patch
Verifying archive integrity... All good.
Uncompressing Fix For Oracle Listener Security Issue...............
Starting Fri Sep 21 08:31:47 CEST 2012
Log location: /tmp/listener_config_output.20120921.083147.log
Please enter Ex Libris customer code (country code + customer):
NNXXX
Please enter the products that you would like to patch (product1, product2 ...):
Aleph
Starting Fri Sep 21 08:31:47 CEST 2012
[...]
sqlplus to failed
DONE Fri Sep 21 08:32:00 CEST 2012
Cause:
The problem can occur when:
* the Oracle database is on a separate server
* the Oracle software was installed and the database was created by the customer
* Ex Libris Support has no access to the operating system command line on the database server
Resolution:
(by Oracle Support)
* Oracle Support Note 1453883.1: "Using Class of Secure Transport (COST) to Restrict Instance Registration"
Section 2 of the document is relevant:
"Setting a COST restriction using the IPC protocol to limit registration to local instances."
* Example of the changes implemented by the script ora_listener_patch distributed by Ex Libris:
Before the change:
-- value of DB initialization parameter local_listener:
not defined
-- file listener.ora:
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = alephhost)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
sid_list_listener=(sid_list=
    (sid_desc=
      (global_name=aleph20)
      (sid_name=aleph20)
      (oracle_home=/exlibris/app/oracle/product/11)
    )
  )
After the change:
-- value of DB initialization parameter local_listener:
(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=REGISTER)))
-- file listener.ora:
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = alephhost)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER)) # line changed
    )
  )
sid_list_listener=(sid_list=
    (sid_desc=
      (global_dbname=aleph20.alephhost.exl.de) # line changed: different parameter with different value
      # (equals the value of the DB parameter service_names)
      (sid_name=aleph20)
      (oracle_home=/exlibris/app/oracle/product/11)
    )
  )
SECURE_REGISTER_LISTENER = (IPC) # line added
Additional Information
* steps of the script ora_listener_patch:
-- changes the Oracle DB initialization variable local_listener
-- stops Oracle Listener
-- changes file listener.ora
-- starts Oracle Listener
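Added example (not part of the original article, and not Ex Libris or Oracle code): when the changes have to be made by hand on a separate database server, this Python check confirms that listener.ora and the local_listener value agree, i.e. SECURE_REGISTER_<listener> is limited to IPC and the database registers over an IPC key the listener serves. The function names and sample strings are constructed for illustration; the check assumes one listener per file and compares IPC keys exactly.

```python
import re

def _strip(text):
    # Drop '#' comments such as the "# line changed" annotations
    return "\n".join(l.split("#", 1)[0] for l in text.splitlines())

def _ipc_keys(text):
    # KEY value of every (PROTOCOL=IPC)(KEY=...) address in the text
    pat = r"\(\s*PROTOCOL\s*=\s*IPC\s*\)\s*\(\s*KEY\s*=\s*([^)\s]+)\s*\)"
    return set(re.findall(pat, text, re.I))

def check_cost(listener_ora, local_listener, name="LISTENER"):
    """Return a list of findings; an empty list means the IPC-only
    registration restriction is consistent on both sides."""
    cfg, findings = _strip(listener_ora), []
    for label, txt in (("listener.ora", cfg), ("local_listener", local_listener)):
        if txt.count("(") != txt.count(")"):
            findings.append(f"{label}: unbalanced parentheses")
    m = re.search(rf"^\s*SECURE_REGISTER_{re.escape(name)}\s*=\s*\(([^)]*)\)",
                  cfg, re.I | re.M)
    if not m:
        findings.append(f"SECURE_REGISTER_{name} is not set")
    elif [p.strip().upper() for p in m.group(1).split(",")] != ["IPC"]:
        findings.append(f"SECURE_REGISTER_{name} is not restricted to IPC only")
    db_keys = _ipc_keys(local_listener)
    if not db_keys:
        findings.append("local_listener has no IPC address")
    elif not db_keys & _ipc_keys(cfg):
        findings.append("local_listener IPC key not served by the listener")
    return findings

# Sample input: abbreviated from the "before" and "after" states in this article
BEFORE = """LISTENER =
  (DESCRIPTION_LIST = (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = alephhost)(PORT = 1521))
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))))
"""
AFTER = """LISTENER =
  (DESCRIPTION_LIST = (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = alephhost)(PORT = 1521))
    (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER)) # line changed
  ))
SECURE_REGISTER_LISTENER = (IPC) # line added
"""
LOCAL = "(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=REGISTER)))"

if __name__ == "__main__":
    print("before:", check_cost(BEFORE, ""))
    print("after: ", check_cost(AFTER, LOCAL))
```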
General description of ORACLE security patch CVE-2012-1675
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html
- Article last edited: 10/8/2013