Oracle11.2.0.4.0版本CVE-2012-1675 解决方法

最新推荐文章于 2023-07-28 14:43:40 发布
最新推荐文章于 2023-07-28 14:43:40 发布
阅读量2k 收藏
点赞数
分类专栏: Linux 文章标签: oracle
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_33286695/article/details/120612916
版权

适用版本

本方法仅适用于11.2.0.1.0以及更高版本。

安装系统

CentOS7.5

漏洞标识

CVE-2012-1675

问题描述

官网给出的解决方案如链接: 官网解决方案链接.但是并不适用11.2.0.1.0。我这里是单机版本。

漏洞解决:

文件下载
CVE-2012-1675漏洞文件下载.
步骤如下

Oracle Database 11g Release 11.2.0.1.0
ORACLE NET Patch for Bug# 12880299 for Linux-x86-64 Platforms
(RAC Rolling Installable)
Released: Thu May 31 02:32:54 2012
This document describes how you can install the one-off patch for bug#  12880299 on your Oracle Database 11g Release 11.2.0.1.0
 
(1) Prerequisites 【准备】
--------------------
Before you install or deinstall the patch, ensure that you meet the following requirements:
Note: In case of an Oracle RAC environment, meet these prerequisites on each of the nodes.
1.	Ensure that the Oracle Database on which you are installing the patch or from which you are rolling back the patch is Oracle Database 11g Release 11.2.0.1.0.
2.      Oracle recommends you to use the latest version of OPatch. 
	If you do not have the latest version, then follow the instructions outlined in the My Oracle Support note 224346.1 available at:
	https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=224346.1 
3.	Ensure that you set the ORACLE_HOME environment variable to the Oracle home of the Oracle Database.
4.	Ensure that you set the PATH environment variable to include the location of the unzip executable, and the <ORACLE_HOME>/bin and the <ORACLE_HOME>/OPatch directories present in the Oracle home of the Oracle Database.
5.	Ensure that you verify the Oracle Inventory because OPatch accesses it to install the patches. To verify the inventory, run the following command. If the command displays some errors, then contact Oracle Support and resolve the issue.
        $ opatch lsinventory 
6.	Ensure that you shut down all the services running from the Oracle home.
Note:
	-	For a Non-RAC environment, shut down all the services running from the Oracle home. 
	-	For a RAC environment, shut down all the services (database, ASM, listeners, nodeapps, and CRS daemons) running from the Oracle home of the node you want to patch. After you patch this node, start the services on this node.Repeat this process for each of the other nodes of the Oracle RAC system. OPatch is used on only one node at a time.
(2) Installation 【安装】
-----------------
To install the patch, follow these steps:
Note: In case of an Oracle RAC environment, perform these steps on each of the nodes.
1.	stop all instance and listeners
2.	Maintain a location for storing the contents of the patch ZIP file. In the rest of the document, this location (absolute path) is referred to as <PATCH_TOP_DIR>.
3.	Extract the contents of the patch ZIP file to the location you created in Step (1). To do so, run the following command:
	$ unzip -d <PATCH_TOP_DIR> p12880299_112010_Linux-x86-64.zip
4.	Navigate to the <PATCH_TOP_DIR>/12880299 directory:
	$ cd <PATCH_TOP_DIR>/12880299
5.	Install the patch by running the following command:
	$ opatch apply

	Note:
	When OPatch starts, it validates the patch and ensures that there are no conflicts with the software already installed in the ORACLE_HOME of the Oracle Database. OPatch categorizes conflicts into the following types: 
	-	Conflicts with a patch already applied to the ORACLE_HOME - In this case, stop the patch installation and contact Oracle Support Services.
	-	Conflicts with a patch already applied to the ORACLE_HOME that is a subset of the patch you are trying to apply  - In this case, continue with the patch installation because the new patch contains all the fixes from the existing patch in the ORACLE_HOME. The subset patch will automatically be rolled back prior to the installation of the new patch.
6.	configuration listener.ora
	cd $ORACLE_HOME/network/admin
	vi listener.ora
		SECURE_REGISTER_LISTENER = (TCP)
		VALID_NODE_CHECKING_REGISTRATION_LISTENER=ON
7.	Start the services from the Oracle home.

(3) Deinstallation 【描述】
---------------------
To deinstall the patch, follow these steps:
Note: In case of an Oracle RAC environment, perform these steps on each of the nodes.
1.	Navigate to the <PATCH_TOP_DIR>/12880299 directory:
	$ cd <PATCH_TOP_DIR>/12880299
2.	Deinstall the patch by running the following command:
	$ opatch rollback -id 12880299
3.	Start the services from the Oracle home.
(4) Bugs Fixed by This Patch
---------------------------------
The following are the bugs fixed by this patch:
  12880299: RAC: TCP HANDLERS BLOCK IF LISTENER REGISTRATION IS RESTRICTED TO IPC W/COST
--------------------------------------------------------------------------
Copyright 2012, Oracle and/or its affiliates. All rights reserved.
--------------------------------------------------------------------------

提示:

所有创建的文件的权限和所属用户组均属于Oracle,我这里是 dba:ora。

参考【侵删】

Oracle Security Alert for CVE-2012-1675.
Oracle远程投毒漏洞CVE-2012-1675解决方法.
ORACLE TNS Listener远程注册投毒(Poison Attack)漏洞.
Oracle local_listener以及remote_listener参数.

结语

遇到问题可以下方评论留言,如有帮助,高抬贵手。

binbincoder
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Oracle11.2.0.1,(CVE-2012-1675)漏洞解决方案
ζั͡山 ั͡有扶苏 ั͡✾的博客
04-17 455
查看监听服务信息,如果没有发现“REMOTE SERVER”字样,说明此时漏洞已经修复。
Oracle远程投毒漏洞CVE-2012-1675解决方法
weixin_44455388的博客
08-12 1万+
版本: 本方法仅适用于11.2.0.4.0以及更高版本。 漏洞标识: CVE-2012-1675 解决方法: ①oracle安装用户下执行以下命令停止监听: lsnrctl stop ②在listener.ora文件最下面添加以下内容: VALID_NODE_CHECKING_REGISTRATION_LISTENER=ON listener.ora文件的位置一般在$ORACLE_HOME/network/admin下; 不知道怎么找的话,可以输入echo $ORACLE_HOME打印一下Oracle
Oracle Database Server 'TNS Listener'远程数据投毒漏洞(CVE-2012-1675)的完美解决方法
09-10
主要介绍了Oracle Database Server 'TNS Listener'远程数据投毒漏洞(CVE-2012-1675的完美解决方法的相关资料,本文介绍的非常详细,具有参考借鉴价值,需要的朋友可以参考下
oracle远程投毒漏洞复现,oracle TNS Listener远程投毒(CVE-2012-1675)漏洞分析、复现...
weixin_28896255的博客
04-10 5711
漏洞原理分析:CVE-2012-1675该漏洞产生的原因是因为“TNS Listener”组件中允许攻击者不使用用户名和密码的情况下就变成“自家人”,也就是说攻击者冒充受害者的小弟,但是受害者没有进行任何认证就相信了。然后现在受害者就有两个同名数据库了,监听将自动按照负载均衡把这次访问发送到负载低的数据库上,进行连接访问。然后我们就在连接处开设一个抓包工具就可以抓取受害人向攻击者发送的所有数据了。...
alert-cve-2012-1675远程投毒-VNCR方式修复
biaolinglv6454的博客
07-16 738
与该远程投毒相关的MOS文档:2226611.1 介绍listener新的注册相关的安全功能 - 有效节点检查功能。11.2.0.4以及更高版本里引入这个功能是为了解决下面的安全问题:alert-cve-2012-1675 VNCR 是 Oracle Net 11.2.0.4 和 12c 的一个新特性,只允许注册实例来自允许的服务器。 仅当注册来自于一个有效节点时才允许注册成功,该想法确保了 ...
Oracle Database Server 'TNS Listener'远程数据投毒漏洞(CVE-2012-1675
热门推荐
Ryan——进阶之路
11-14 1万+
安全公告:http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html 一、解决方案 RAC:My Oracle Support Note 1340831.1 非 RAC:My Oracle Support Note 1453883.1  二、简单举例:非
oracle-instantclient11.2-sqlplus-11.2.0.4.0-1.x86_64.zip
07-08
oracle-instantclient11.2-sqlplus-11.2.0.4.0-1.x86_64.ziporacle-instantclient11.2-sqlplus-11.2.0.4.0-1.x86_64.ziporacle-instantclient11.2-sqlplus-11.2.0.4.0-1.x86_64.ziporacle-instantclient11.2-sqlplus...
Oracle驱动包 ojdbc6-11.2.0.4.0-atlassian-hosted.jar
01-27
Oracle驱动包 ojdbc6-11.2.0.4.0-atlassian-hosted.jar
instantclient-basic-nt-11.2.0.4.0 instantclient-odbc-nt-11.2.0.4
07-05
instantclient-odbc-nt-11.2.0.4.0 及 instantclient-basic-nt-11.2.0.4.0 套装,32位,ODBC连接必须
oracle v-11.2.0.4.0 Oracle 11.2.0.4 For Windows 64bit+32bit 数据库
08-04
5为Gateway software,gateways是指透明网关,如果要从oracle访问其它数据库系统(sqlserver,sybase等),需要安装Gateway; 6表示 examples, 是示例文件安装包; 7为deinstall,是Oracle自带的界面化卸载工具;
Oracle Database Server 'TNS Listener'远程数据投毒漏洞(CVE-2012-1675)的解决文档
05-25
安全厂家给出的解决办法: 链接:http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html 根据此链接得到解决方法: ? 1234 SolutionRecommendations for protecting against this vulnerability can be found at:My Oracle Support Note 1340831.1 for Oracle Database deployments that use Oracle Real Application Clusters (RAC).My Oracle Support Note 1453883.1 for Oracle Database deployments that do not use RAC. 目前这里环境不是RAC,参考文档1453883.1: Using Class of Secure Transport (COST) to Restrict Instance Registration (
Oracle Database Server ‘TNS Listener’远程数据投毒漏洞(CVE-2012-1675)的完美解决方法
12-16
环境:Windows 2008 R2 + Oracle 10.2.0.3 应用最新bundle patch后,扫描依然报出漏洞 Oracle Database Server ‘TNS Listener’远程数据投毒漏洞(CVE-2012-1675) •1.确定解决方案 •2.应用解决方案 •3.验证修补情况 •4.Reference 1.确定解决方案 安全厂家给出的解决办法: 链接:http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html 根据此链接得到解决方法: So
ojdbc6-11.2.0.4.0-atlassian-hosted_jar.zip
07-21
ojdbc6-11.2.0.4.0-atlassian-hosted.jar oracle驱动包
Oracle TNS侦听器远程中毒(CVE-2012-1675)
冥净的博客
07-28 755
[oracle@orac bin]$ netca -silent -responsefile /home/oracle/netca.rsp Parsing command line arguments: Parameter "silent" = true Parameter "responsefile" = /home/oracle/netca.rsp Done parsing command line arguments. Oracle Net Services Configuratio
oracle tns远程监听器中毒,Oracle 11.2.0.4 TNS 监听器远程中毒漏洞(CVE-2012-1675)修复方案...
weixin_36280540的博客
04-06 3163
Oracle 11.2.0.4 单实例和RAC修复方案随着对网络安全的进一步重视,Oracle TNS 监听器远程中毒漏洞(CVE-2012-1675)被列为了高危漏洞,需要进行漏洞修复。从Oracle 11.2.0.4开始,Oracle 引入了Valid Node Checking For Registration(VNCR)新特性,可以通过配置参数VALID_NODE_CHECKING_REG...
Oracle Security Alert for CVE-2012-1675
Amdy_amdy的博客
03-28 977
Oracle Security Alert for CVE-2012-1675 Description This security alert addresses the security issue CVE-2012-1675, a vulnerability in the TNS listener which has been recently disclosed as "TNS List...
oracle 11.2.0.4.0 - 64数据库安装包windows系统下载
最新发布
09-10
您可以通过以下步骤下载Oracle 11.2.0.4.0 - 64位数据库安装包适用于Windows系统: 1. 打开Oracle官方网站(https://www.oracle.com)。 2. 将鼠标悬停在"下载"菜单上,然后选择"软件下载"。 3. 在"产品"部分,选择"数据库"。 4. 在"数据库产品"部分,选择"企业版/标准版"。 5. 在"版本"部分,选择"Oracle Database 11g Release 2"。 6. 在"数据库版本"部分,选择"11.2.0.4.0"。 7. 在"操作系统"部分,选择"Windows"。 8. 在"平台/位数"部分,选择"Microsoft Windows (x64)"。 9. 单击"继续"按钮。 10. 在接下来的页面上,您可能需要登录您的Oracle账户,或者注册一个新账户。 11. 登录后,您会被重定向到一个页面,其中包含Oracle 11.2.0.4.0 - 64位数据库安装包的下载链接。 12. 单击下载链接以开始下载。 请注意,下载过程可能需要一些时间,具体速度取决于您的网络连接和Oracle服务器的负载情况。一旦下载完成,您可以按照Oracle官方文档中提供的安装说明进行安装。 希望这些信息能对您有所帮助!如果有其他问题,请随时提问。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值