Security :: CVE-2012-3132 And Express Editions Of Oracle Database
Oct 10, 2012
I was wondering if the Express Edition of Oracle Database inherited the same vulnerabilities as the whole edition? Namely I have a few hosts that have Oracle Database 11g Express Edition installed and I was wondering if they would then be vulnerable to CVE-2012-3132 and specifically the easily exploitable flaw associated with it, detailed below:
Can't use links until I've posted 5 messages, ugh..link obfu with x's and [] URL....
My question is; I've been reading the Oracle database 11g R2 documentation at this link [URL]...
I passed a couple of days learning about all installation configuration parts including the desktop class and server class.As I was learning, So I had already downloaded Oracle Database Express 11g R2 for win32.
So as i had finished the installation guide I thought it's time to install the oracle now. I did it, and what I found was that there was not any option during installation that i read in above documentation. While trying to find about this difference i reached on documentation[URL]...
That is for express version only.
My question here is, Express edition, we use for learning purpose, But it doesn't look like it has all the stuff that we should learn during installation And what documentation I should follow from my above given two links?
I have been trying out the new 12c on Windows 2012 Essentials with the same type of errors. The OraDim step fails and cannot create the services. It fails a bit differently if I choose "Create New Windows User", choose a "Use Existing Windows User", or choose the Windows Built-in user.
I have Oracle 10g on an XP machine, and use the 'Oracle in OraDB10g_home1' driver to read the data. I have another Windows Server 2008 R2 machine on the same network, with SQL Server 2012 on it. What is the best way to read Oracle Tables in SQL Server? Can I setup an ODBC link from my Windows Server machine to the Oracle Database (which would require me to download an Oracle ODBC driver)? Or is the best way to export the required tables from Oracle (e.g. into csv format) and import them into SQL?
Is there any setting on oracle that allows to disconnect users automatically and display a message to users such: "Try a new connection to the db in 30 minutes"?
I'm checking the possibility to use Active Directory to log on the our Oracle databases. But only for dba's and developers, not application users. We use Oracle 10.2.0.4 (and soon 11g) As OS on the databaseserver we use AIX5L 5.3
Is it possible to implement Active Directory on databases running on AIX ? If it is possible, what must be done to get it to work, software ... etc ?
Just installed the new 2.0.8 version. Its been a while I am interested on using PM for our company.The problem I have is creating an Oracle DB connection. When I create a new Oracle DB connection, and test it, Steps 3 and 4 fail.What is strange is that I followed the following procedure in PM 1.9-825 and worked fine. I am wondering if something changed in the new PM 2.0.8 version (I noticed that php_oci8.dll was commented out in php.ini).
Oracle Version is 10GR2 PM installed on clean XP sp3
1. Got a new Windows XP SP3 PC 2. Installed PM 2.0.8 3. Edited php.ini and uncommented [PHP_OCI8] and extension=php_oci8.dll 4. Installed oracle instant client “instantclient-basic-win32-10.2.0.5” in c:oracle 5. Installed oracle instant client “instantclient-sqlplus-win32-10.2.0.4” in c:oracle 6. Added c:oracle in PATH environment variable 7. Created ORACLE_HOME = c:oracle environment variable 8. Added TNS_ADMIN = c: environment variable 9. Copied working tnsnames.ora file into c: 10. Rebooted. ------------------------------------- 1. Tried sqlplus connection to my oracle db and worked. 2. Launched PM 3. Created a new process 4. Created a new DB connection as follows: a. Engine:Oracle b. Server:192.168.xxx.xxx c. Database name: my_name (where my_name appears in tns_names.ora) d. Username:my_username e. Password:my_password [code]....
Last week we have realized that a user who connects through SQL Developer(as nothing wrong found in application server logs) has made a serious change in the database which created a real mess. The user has done some mischief in some calculations by making some inserts and updates in some important tables in our production database.
How can I find which user or from which IP the change is made.
I have a doubt in locking user account in oracle database.I was told to drop some unusable users in database which my clients dont require them.I verified the dependent objects of those users but not sure if these users can be dropped.
Instead can i make those user accounts locked so that they cannot connect to database? Would there be any impact on database performance if i lock those user accounts?
Is locking an account and dropping users is similar in anyway?
I have oracle 10g up and running on Solaris 10, from windows I would like to connect to sql plus through windows authentication, for that I have already made sure that remote_auth = true and have created user in oracle with OPS$. But still I cannot connect.
I have the same setup but with oracle on windows server, the os authentication from windows clients works just fine.
does oracle 10g on solaris 10 supports windows os authentication?
In Sybase, my application was using system tables to perform application login security. Those tables obviously don't exist in Oracle. I am looking for ways to provide the following functionality in an Oracle world:
1. How to determine 'x' days of inactivity based on "last login date"?
2. How to determine when a new user logs in for the first time and force them to change their password?
3. If we need to reset a users password, how can we require the user to change their password?
4. Is there any other option other than storing a user-id/password in the application code for locking a user's account if their account needs to be locked due to inactivity?
5. In the USER_USERS view there is a status column. What the different status's can be?
Having below setup : (All this is testing environment)
1.One virtual Machine Guest OS is Windows 8 Pro 64 bit in Oracle Virtual Box 2.In the guest I have Microsoft Visual Studio 64 bit Ultimate Edition 3.Oracle 11.2.0.1 on same host machine windows 7 64 bit
In above Visual studio I wish to use Oracle 11.2.0.1 on same host machine. When I adds sql datasource control, Visual Studio is saying for installation of either one :
(A) Oracle Developer Tools for Visual Studio (B) Oracle client software version 8.1.7 or greater.
So, I downloaded ODTwithODAC1120320_32bit.zip from below link:
[URL].........
and installation run successfully with a message regarding running installAllOracleASPNETProviders.sql after a new installation. My questions are :
1.When I opened command prompt and said sqlplus / as sysdba it is saying ORA-12560. 2.When I says sqlplus scott/tiger@orcl (I created tnsnames.ora) c:app
ishaproduct11.2.0client_1NetworkAdmin with like this : orcl = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = XXX.XXX.XXX.XXX)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl) ) )
In above HOST = i am giving IP address of host machine on which this VM is installed and this is also oracle server database machine too, on which I am running Oracle database;
so, after few seconds I am getting, ORA-12154.
How do I connect my orcl database which is running on the same host machine by using above configurations. My virtual machine is visible from other machines as well as oracle database machine too i.e. ping to VM IP is working fine.
I have one problem when i try to setup ODTwithODAC121010 for connect from Visual Studio 2012 express to Oracle database 10g R2.When i setup ODTwithODAC121010 on Windows 7, can connect from visual studio to oracle database, but when i setup on Windows server 2012 Standard Evaluation x64 can't connect to oracle database through Visual studio 2012 express.
I check in registry of windows server 2012 x64 can't show Oracle folder in registry.how to connect from Visual studio 2012 express on windows server 2012 Standard evaluation x64 to Oracle database 10g.
I had installed ODAC 11.2 Release 5 (11.2.0.3.20) and Update Model from database wizard was working as expected...then after installing update 2 the wizard quit working....So Installed the latest managed drivers and beta..Data Connection connect and I can see the views and tables. but the Update Model from database wizard does not show the views and tables..
I have a database in which two table contains millions of data and the whole database size is getting more bigger. is there any option to archive the old data which has stored before 2012 and can be restored when the data required for 2011 or 2010 needed.
am having problems starting Oracle Database 10g Express Edition on Fedora. Here is what I did in order to start it:
[root@x1-6-00-c0-9f-bb-ba-57 ~]# /etc/init.d/oracle-xe start [root@x1-6-00-c0-9f-bb-ba-57 ~]# xhost + access control disabled, clients can connect from any host
Trying to upgrade APEX within an Oracle XE database installation on Windows 7. The version of APEX that came with Oracle XE is 4.0.2. Trying to upgrade to 4.1.1 and, from the SQL*Plus command-line (ie. the 'Run SQL Command' tool which comes with Oracle XE), I try to run @apexins.sql.
It starts to run momentarily, then the MS-DOS windows just closes. Can not find any install log to determine the cause.
i have IR report page and download column as blob,how can security applied in specific column wise?e.g. Report page have more rows, and applied query in condition.
Select ID,dbms_lob.getlength(Blob_file) Download from Document_master where Created_by=UPPER(:APP_USER) OR (exists (select '' from apex_workspace_group_users awgu where awgu.user_name =:app_user AND awgu.GROUP_NAME='EMPLOYEE_GROUP' ) )
Now all the rows with Download column to see EMPLOYEE_GROUP users,but i need control the download column only except Created_by=UPPER(:APP_USER) ,this case how can do the security.
I downloaded Oracle Database 11g Express Edition R2 to test Apex (I've never used). I want to know how to change the language of the version of Apex (integrated with Oracle Database 11g XE)? I would apex in French.
