This content has been marked as final. Show 7 replies
There were different opinions mentioned in that link and moderator has locked that thread and hence I was not able to ask my questions there.
I believe Msberg has mentioned that he has applied the patch and it went smoothly too. Moreover, rather than any workarounds, it would be better to apply the patch especially when it is specially released for a particular threat.
I think there is no patch as such. Its just changes to listener.ora file and few changes
1) For standalone instances, will the following setting in listener.ora file and restarting listener addresses this vulnerability? Or is there any thing else we need to do? We want to avoid any patches now and see if we can resolve this quickly.
DYNAMIC_REGISTRATION_LISTENER = off
A: No you need to add another setting : ( (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER)) )
Plus for each database
LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = your hostname)(PORT = 1521)) (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER)) (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)) ) )
alter system set local_listener='(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=REGISTER)))' scope = both;
stop and start the listener
Read note 1453883.1
Oracle 9 - No idea
2) If we dont configure "remote_listener", is it applicable for us?
A: Yes you should still fix your listener.ora
3) For RAC instances, I can follow the steps mentioned in
Using Class of Secure Transport (COST) to Restrict Instance Registration in Oracle RAC [ID 1340831.1]
Aman - Great memory!
Thanks Mseberg. :)