12c EM: How to patch a Enterprise Base Platform Agent to protect it against vulnerability CVE-2012-3137? (Doc ID 1563612.1)

Last updated on NOVEMBER 16, 2022

Applies to:

Goal

When a 12c Agent is monitoring a 11g target Database, whose sqlnet.ora file has the SQLNET.ALLOWED_LOGON_VERSION=12 parameter set, the Database is marked as Down in the Console.

-  The Agent fails to connect to the Database with the below errors:

ORA-01017: invalid username/password; logon denied
OR
ORA-28040: No matching authentication protocol

-  These errors can be seen in the <AGENT_INST>/sysman/log/emagent_perl.trc or in the Console UI when you drill down into the Availability history of the Database.
    The error is also reported when the REsponse metric of the Database is evaluated manually, for example:

cd <AGENT_HOME>/bin
./emctl getmetric agent orcl_12,oracle_database,Response
Oracle Enterprise Manager Cloud Control 12c Release 3
Copyright (c) 1996, 2013 Oracle Corporation.  All rights reserved.
Status,State,oraerr,Archiver,DatabaseStatus,ActiveState
0,UNKNOWN,Failed to connect: java.sql.SQLException: ORA-01017: invalid username/password; logon denied 
,UNKNOWN,UNKNOWN,UNKNOWN 

Similar errors will occur for the 'Management Services and Repository' target as well, if the SQLNET.ALLOWED_LOGON_VERSION=12 parameter is set in the Repository database's sqlnet.ora file.

According to the details in  <Note 1493990.1> : Patching for CVE-2012-3137, the Agent (which is the client in this case) needs to be patched, so that it can connect to this Database.

This document provides the patch details for the agent.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.