Valid Node Checking For Registration (VNCR) (Doc ID 1600630.1)

Last updated on MARCH 31, 2022

Applies to:

Oracle Database - Enterprise Edition - Version 11.2.0.4 to 19.4.0.0.0 [Release 11.2 to 19]
Oracle Net Services - Version 11.2.0.4 to 19.5.0.0.0 [Release 11.2 to 19]
Oracle E-Business Suite Performance - Version 12.1.1 to 12.1.1 [Release 12.1]
Information in this document applies to any platform.
Describes the new listener registration security feature known as valid node checking.
VNCR in 11.2.0.4 and newer versions of the listener can mitigate the threat known as: alert-cve-2012-1675
https://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html

Purpose

VNCR is a new feature introduced in Oracle Net 11.2.0.4 and 12c which allows instance registrations to only come from known servers.

The idea is to make the listener secure by allowing registration to succeed only if it originates from a valid node.
The user can specify a list of nodes that can register with the listener.ora, or a list they want to exclude from registering.
This eliminates complex COST setups to ensure malicious servers do not register with a listener.
Just as in validnode checking, both invited/excluded cannot be specified together. If they are, invited nodes take precedence.
This feature is independent of the validnode checking that clients use.

Details

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Valid Node Checking For Registration (VNCR) (Doc ID 1600630.1)

Applies to:

Purpose

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!