Description:
Oracle Corporation Released CVE-2012-1675 on May 5th, 2012 in regards to a vulnerability in their software.
This vulnerability specifically targets a component known as the TNS Listener. The TNS Listener, as used in current
Oracle Database versions distributed with the CA eHealth product, 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison.". The listed CA eHealth versions have, after review by CA Sustaining Engineering, been determined to be vulnerable, and the following Oracle approved work around is being offered to customers for all Unix platforms (Solaris and Linux) and Windows while a permanent fix is found and implemented.
Solution:
Separate solutions exists for Unix and Windows based systems as noted below.
Unix
- Add following line to the listener.ora file ($NH_ORACLE_HOME/network/admin)
SECURE_REGISTER_LISTENER = (IPC)
- Update following parameter
$NH_HOME/bin/sys/nhisql "alter system set local_listener='(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC) (KEY=EHEALTH)))' scope = both";
- Stop and start the listener
- Stop eH services - nhServer stop;
- nhConfigDbNet -stopListener
- nhConfigDbNet -startListener
- nhServer start
- Verify that the changes are in place.
- Check the parameter is set with the command:
$NH_HOME/bin/sys/nhisql "show parameter listener"
The output will look like
NAME TYPE VALUE---------------- ------------ ------------------------------------------------local_listener string (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EHEALTH)))
Windows
- Change directory to %NH_ORACLE_HOME%/network/admin
- Cd %NH_ORACLE_HOME%/network/admin
- Open the listener.ora file in an editor
- Add the following line to the end of file
SECURE_REGISTER_listener=(IPC)
- Set the local_listener parameter in database with the next steps.
- Change directory to %NH_ORACLE_HOME%/database and modify the init{ORACLE_SID}.ora.usr file
(Note: (SID) is the value of the output of the command
env | grep ORACLE_SID
In the example above if that returns ORACLE_SID=EHEALTH, then the file name to edit would be
initEHEALTH.ora.usr)
- Add the following line to the file:
local_listener='(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EHEALTH)))'
- Regenerate the oracle spfile by doing this
Stop the eHealth database and services
nhServer stop
nhStopDb immediate
cd to %NH_ORACLE_HOME%/database and remove the SPFILE(ORACLE)SID).ORA file
Start the eHealth database
nhStartDb
cd to %NH_HOME%/bin/sys and run the following command
%NH_HOME%/bin/sys/nhisql -sysdba "create spfile from pfile"
- Restart the eHealth database and services
nhStopDb immediate
nhStartDb
nhServer start
- Verify that the changes are in place with the command:
%NH_HOME%/bin/sys/nhisql "show parameter listener"
The output will look like
NAME TYPE VALUE
---------------- --------- --------------------------------------------------local_listener string (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EHEALTH)))