Begin main content

Forum OpenACS Q&A: Response to Bugtraq: Remote Compromise in Oracle 9i Database Server (and Oracle 8)

Back to OpenACS Q&A

8: Response to Bugtraq: Remote Compromise in Oracle 9i Database Server (and Oracle 8) (response to 1)

Posted by Rich Graves on 02/08/02 08:57 PM

Just remove the line

(ADDRESS= (PROTOCOL= IPC)(KEY= extproc))

from listener.ora, lsnrtcl stop, lsnrtcl start.

We've done that on most of our Oracle boxes now. The ones where we really need extproc,

/sbin/ipchains -A input 1 -s 127.0.0.1 -j ACCEPT
/sbin/ipchains -A input 1 -s $LOCAL_IP_ADDRESS -j ACCEPT
/sbin/ipchains -A input 1 -d any/0 1521 -p tcp -j DENY

or equivalent in Solaris or router access lists.

Even on NT4 there is a primitive "port security" feature that can block 1521.

Back to OpenACS Q&A