解決這個問題時alert-cve-2012-1675-1608180:Oracle Security Alert for CVE-2012-1675的記錄, 直接從Send Items裡摘出來自己的部分:
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html
I think that’s a known securityissue as thus ↑[alert-cve-2012-1675-1608180:OracleSecurity Alert for CVE-2012-1675]
Affected Products and Versions · Oracle Database 11g Release 2, versions 11.2.0.2,11.2.0.3 · Oracle Database 11g Release 1, version 11.1.0.7 · Oracle Database 10g Release 2, versions 10.2.0.3,10.2.0.4, 10.2.0.5 Solution Recommendations for protecting against this vulnerability can befound at: · My Oracle Support Note 1340831.1 for Oracle Databasedeployments that use Oracle Real Application Clusters (RAC). · My Oracle Support Note 1453883.1 for Oracle Databasedeployments that do not use RAC. Please note that Oracle has added Oracle Advanced Security SSL/TLSto the Oracle Database Standard Edition license when used with the RealApplication Clusters and Oracle has added Oracle Advanced Security SSL/TLS tothe Enterprise Edition Real Application Clusters (Oracle RAC) and RAC One Nodeoptions so that the directions provided in the Support Notes referenced abovecan be applied by all Oracle customers without additional cost. Note: Pleaserefer to the Oracle licensing documentation available on Oracle.com regardinglicensing changes that allow Oracle Advanced Security SSL/TLS to be used withOracle SE Oracle Real Application Clusters and Oracle Enterprise Edition RealApplication Customers (Oracle RAC) and Oracle RAC OneNode Options. Due to thethreat posed by a successful attack, Oracle strongly recommends that customersapply this Security Alert solution as soon as possible.
Better than using workarounds is to patch thevulnerability[CVE-2012-1675].
However, you could do as thus if you were concerned to restartoracle:
Possible workarounds
--------------------
There are many possible workarounds. The easier one is to set the
following parameter in the listener.ora configuration file:
dynamic_registration = off.
But, sometimes, you don't want to apply this workaround. Inexample, if
you have an Oracle RAC cluster, all the cluster's instances mustbe
registered in both TNS Listeners so, this workaround is notsuitable for
Oracle RAC clusters. To apply this workaround with Oracle RAC
environments one needs to implement load balancing at the clientside,
changing all the client's tnsnames.ora configuration file to addthe
complete list of Oracle RAC nodes.
However, there is another possible workaround that, sometimes, is
suitable for Oracle RAC environments. Edit the file protocol.oraor, for
older versions, sqlnet.ora, at the server side and add thefollowing
directives:
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODE =(Comma,separated,list,of,ALL,valid,clients, ...)
But, anyway, this workaround doesn't prevent valid clients frombeing
used as proxies. Valid clients can still exploit the vulnerability
regardless the VALIDNODE_CHECKING directive added as the client isa
valid node.
Then again, there is one more suitable workaround: If customerbought
(and enabled) Oracle Advanced Security feature clients can beconfigured
to use SSL/TLS. Thus, at both client and server side, thefollowing
parameters must be changed in protocol.ora or sqlnet.ora:
Client side: SQLNET.ENCRYPTION_CLIENT=REQUIRED
Server side: SQLNET.ENCRYPTION_SERVER=REQUIRED
The value of these configuration directives must be REQUIRED andnot
REQUESTED, as is pretty common, otherwise the attacker can answerto the
connection attempt answering that no SSL cipher is supported atthe
server side (as the attacker's controlled box is for the clientthe
trusted database's server) and the client will reconnect withoutusing
SSL.
Here is more information aboutit…
http://seclists.org/fulldisclosure/2012/Apr/204
Then I did a easy way...
suneng23:/export/home/sfuser>lsnrctl LSNRCTL for Solaris: Version11.2.0.3.0 - Production on 28-FEB-2014 02:05:56 Copyright (c) 1991, 2011,Oracle. All rights reserved. Welcome to LSNRCTL, type"help" for information. LSNRCTL> setdynamic_registration off Connecting to(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)) LISTENER parameter"dynamic_registration" set to OFF The command completedsuccessfully LSNRCTL> setsave_config_on_stop on Connecting to(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)) LISTENER parameter"save_config_on_stop" set to ON The command completedsuccessfully LSNRCTL> exit
