on 05-04-2012 2:06 PM
Hi!
Do SAP planning to release some information / guidelined for Oracle Security Alert for CVE-2012-1675?
From Oracle: http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html
That issue concerning the listener are a thing to take a look at.
For other Oracle databases at our location, we installed the fix immediate due to this risk.
Look at these 2 links for more details around the issue.
http://seclists.org/fulldisclosure/2012/Apr/204 and http://seclists.org/fulldisclosure/2012/Apr/343
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
As of Note 1714255 I install the fix in all my systems.
https://service.sap.com/sap/support/notes/1714255
To say this security alert not is relevant are a too easy way to handle it. I'm sorry that I didn't see the other discussion before.
Regards
Audun
Hello Audun,
we already have discussed this topic a few days ago.(http://scn.sap.com/thread/3168770)
Check the replies, the test case and the upcoming information.
Stefan
Hi,
is that one really relevant, given that a SAP database usually does not have
LOCAL_LISTENER configured and one might have tcp.invited nodes restricted to the APP Servers.
Volker
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.