Oracle 11.2.0.4 PSU22310544 on Windows Server 2008
I was reading about CVE-2012-1675 alert. I did follow Doc ID 1453883.1 for Oracle Database deployments that do not use RAC. Unfortunately, the workaround doesn't make much sense to me compared to this article , and this article. Then I got to this discussion and got even more confused.
On the Burleson Consulting article, "If you set set dynamic_registration_listener=off in the in your listener.ora file then you are completely protected against this TNS poison attack.". My question is what is the impact of setting dynamic_registration_listener to off? Is it really as simple. Why does Oracle Doc did not mention that as a workaround?
Can someone please explain what this alert is about? And possibly the least "harmful" way to mitigate this risk?
Thanks
Ami