Valid Node Checking For Registration (VNCR)
(Doc ID 1600630.1)
Last updated on MAY 29, 2019
Applies to:Oracle Net Services - Version 184.108.40.206 to 220.127.116.11 [Release 11.2 to 12.2]
Oracle Database - Enterprise Edition - Version 18.104.22.168 to 22.214.171.124 [Release 11.2]
Information in this document applies to any platform.
Describes the new listener registration security feature known as valid node checking.
VNCR in 126.96.36.199 and newer versions of the listener can mitigate the threat known as: alert-cve-2012-1675
VNCR is a new feature in Oracle Net 188.8.131.52 and 12c which allows instance registrations to only come from known servers.
- The idea is to make the listener secure by allowing registration to succeed only if it originates from a valid node.
- The user can specify a list of nodes that can register with the listener.ora, or a list they want to exclude from registering.
- This eliminates complex COST setups to ensure malicious servers do not register with a listener.
- Just as in validnode checking, both invited/excluded cannot be specified together. If they are, invited nodes take precedence.
- This feature is independent of the validnode checking that clients use.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!