Hi,
Recently we scanned our Oracle prod servers. While analyzing the scan report, we came to know of the security issue CVE-2012-1675, and the description it shows is:
"The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a legitimate database server or client to an attacker-specified system. Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, session-hijacking, or denial of service attacks on a legitimate database server."
As we are on version 11.2.0.4, I followed the two docs below and enabled VNCR. After enabling VNCR, I scanned the Oracle servers once again, but the report still displays the CVE-2012-1675 issue. Why?
How to Enable VNCR on RAC Database to Register only Local Instances (Doc ID 1914282.1)
Valid Node Checking For Registration (VNCR) (Doc ID 1600630.1)
Could you please let us know how we can mitigate the CVE-2012-1675 security issue? Are there any patches available to mitigate this issue?
Database details
============
Oracle version : 11.2.0.4 (Standard Edition)
RAC : Yes (Two node RAC databases)
OS : RHEL 5 - 64 bit
Thank you.