Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Security jaw dropper

35 views
Skip to first unread message

joel garry

unread,
Apr 26, 2012, 5:53:47 PM4/26/12
to
http://seclists.org/fulldisclosure/2012/Apr/343

jg
--
@home.com is bogus.
http://en.wikipedia.org/wiki/D.O.A._%281950_film%29

Mark D Powell

unread,
Apr 27, 2012, 2:56:16 PM4/27/12
to
Oh joy. Nice find.

HTH -- Mark D Powell --


onedbguru

unread,
Apr 27, 2012, 5:56:07 PM4/27/12
to
On Thursday, April 26, 2012 5:53:47 PM UTC-4, joel garry wrote:
Try copying an init.ora file for a RAC system to a new system and start up the instance (restore control files and just mount the database for database restore). Wait a bit - and then try to connect to the original database service name (example: sqlplus user/password@original:1521/ORCL. Database is ORCL with instances ORCL{n}. You will eventually start getting ORA-01033 errors - database is starting up or shutting down. It will drive you mad until you realize that (and search MOS) the new database has registered with the original listener and it is the only one the SCAN tries to send the new connections. Can we say DoS!!! Luckily, the "original" in this case was a TEST cluster!

Noons

unread,
Apr 28, 2012, 2:22:49 AM4/28/12
to
joel garry wrote,on my timestamp of 27/04/2012 7:53 AM:
> http://seclists.org/fulldisclosure/2012/Apr/343

Unbelievable! I'll bet no one will hear a peep on this sort of problem from
the Ace's&Co...

John D Groenveld

unread,
Apr 30, 2012, 6:24:49 PM4/30/12
to
In article <bd71cd2d-6621-45cd...@r9g2000yqd.googlegroups.com>,
joel garry <joel-...@home.com> wrote:
>http://seclists.org/fulldisclosure/2012/Apr/343

<URL:http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html>

John
groe...@acm.org

joel garry

unread,
Apr 30, 2012, 6:45:03 PM4/30/12
to
On Apr 30, 3:24 pm, groen...@cse.psu.edu (John D Groenveld) wrote:
> In article <bd71cd2d-6621-45cd-b236-f6efe9ff6...@r9g2000yqd.googlegroups.com>,
> joel garry  <joel-ga...@home.com> wrote:
>
> >http://seclists.org/fulldisclosure/2012/Apr/343
>
> <URL:http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675...>
>
> John
> groenv...@acm.org

Thanks for that.

jg
--
@home.com is bogus.
http://arstechnica.com/tech-policy/news/2012/04/fair-use-or-first-excuse-oracle-v-google-goes-to-the-jury.ars

John Hurley

unread,
May 1, 2012, 6:48:03 AM5/1/12
to
Joel:

Thanks for pointing this out ... just after I spent some time looking
at it I eventually received the oracle email notification ( aka they
finally acknowledge it ) ...

Looking at 2 bypasses now ... we don't run RAC here anymore ...

Trying to remember all the implications of turning off dynamic
registration ... will be testing later today.

Looks like a lot of people are going to be doing some scrambling today
and in the next weeks.

joel garry

unread,
May 1, 2012, 12:41:26 PM5/1/12
to
On May 1, 3:48 am, John Hurley <johnthehur...@gmail.com> wrote:
> Joel:
>
> Thanks for pointing this out ... just after I spent some time looking
> at it I eventually received the oracle email notification ( aka they
> finally acknowledge it ) ...

Hat tip to the Dude's aggregator, that was my first clue.

Now it's gotten to zdnet:
http://www.zdnet.com/blog/security/oracle-scrambles-to-contain-0-day-disclosure-snafu/11738

jg
--
@home.com is bogus.
http://www.computerweekly.com/news/2240149452/Interview-Oracle-president-Mark-Hurd

John Hurley

unread,
May 3, 2012, 4:32:57 PM5/3/12
to
Joel:

# Hat tip to the Dude's aggregator, that was my first clue.

... Now it's gotten to zdnet: http://www.zdnet.com/blog/security/oracle-scrambles-to-contain-0-day-...

In my environment ( no rac anywhere ) falling back to turning off
dynamic registration ( DYNAMIC_REGISTRATION_LISTENER = OFF ) and the
old static configuration of instances ...

SID_LIST_LISTENER = ( any instances running on the server plus ASM+
instance ) ...
0 new messages