SQLNET Vulnerability CVE-2012-1675

Document ID : KB000049704
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Oracle Corporation Released CVE-2012-1675 on May 5th, 2012 in regards to a vulnerability in their software.
This vulnerability specifically targets a component known as the TNS Listener. The TNS Listener, as used in current
Oracle Database versions distributed with the CA eHealth product, 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison.". The listed CA eHealth versions have, after review by CA Sustaining Engineering, been determined to be vulnerable, and the following Oracle approved work around is being offered to customers for all Unix platforms (Solaris and Linux) and Windows while a permanent fix is found and implemented.

Solution:

Separate solutions exists for Unix and Windows based systems as noted below.

Unix

  1. Add following line to the listener.ora file ($NH_ORACLE_HOME/network/admin)
    SECURE_REGISTER_LISTENER = (IPC)

  2. Update following parameter
    $NH_HOME/bin/sys/nhisql "alter system set local_listener='(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC) (KEY=EHEALTH)))' scope = both";

  3. Stop and start the listener

    1. Stop eH services - nhServer stop;
    2. nhConfigDbNet -stopListener
    3. nhConfigDbNet -startListener
    4. nhServer start


  • Verify that the changes are in place.

    1. Check the parameter is set with the command:

      $NH_HOME/bin/sys/nhisql "show parameter listener"

      The output will look like
      NAME               TYPE           VALUE---------------- ------------ ------------------------------------------------local_listener     string         (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EHEALTH)))
  • Windows

    1. Change directory to %NH_ORACLE_HOME%/network/admin

      1. Cd %NH_ORACLE_HOME%/network/admin
      2. Open the listener.ora file in an editor
      3. Add the following line to the end of file


      SECURE_REGISTER_listener=(IPC)

    2. Set the local_listener parameter in database with the next steps.

      1. Change directory to %NH_ORACLE_HOME%/database and modify the init{ORACLE_SID}.ora.usr file

        (Note: (SID) is the value of the output of the command

        env | grep ORACLE_SID

        In the example above if that returns ORACLE_SID=EHEALTH, then the file name to edit would be
        initEHEALTH.ora.usr)

      2. Add the following line to the file:

        local_listener='(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EHEALTH)))'

      3. Regenerate the oracle spfile by doing this

        Stop the eHealth database and services

        nhServer stop
        nhStopDb immediate

        cd to %NH_ORACLE_HOME%/database and remove the SPFILE(ORACLE)SID).ORA file

        Start the eHealth database

        nhStartDb

        cd to %NH_HOME%/bin/sys and run the following command

        %NH_HOME%/bin/sys/nhisql -sysdba "create spfile from pfile"

      4. Restart the eHealth database and services

        nhStopDb immediate
        nhStartDb
        nhServer start

      5. Verify that the changes are in place with the command:

        %NH_HOME%/bin/sys/nhisql "show parameter listener"

        The output will look like
        NAME               TYPE      VALUE
        ---------------- --------- --------------------------------------------------local_listener string (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EHEALTH)))