Valid Node Checking For Registration (VNCR)
(Doc ID 1600630.1)
Last updated on JULY 26, 2021
Applies to:Oracle Database - Enterprise Edition - Version 220.127.116.11 to 18.104.22.168.0 [Release 11.2 to 19]
Oracle Net Services - Version 22.214.171.124 to 126.96.36.199.0 [Release 11.2 to 19]
Oracle E-Business Suite Performance - Version 12.1.1 to 12.1.1 [Release 12.1]
Information in this document applies to any platform.
Describes the new listener registration security feature known as valid node checking.
VNCR in 188.8.131.52 and newer versions of the listener can mitigate the threat known as: alert-cve-2012-1675
VNCR is a new feature introduced in Oracle Net 184.108.40.206 and 12c which allows instance registrations to only come from known servers.
- The idea is to make the listener secure by allowing registration to succeed only if it originates from a valid node.
- The user can specify a list of nodes that can register with the listener.ora, or a list they want to exclude from registering.
- This eliminates complex COST setups to ensure malicious servers do not register with a listener.
- Just as in validnode checking, both invited/excluded cannot be specified together. If they are, invited nodes take precedence.
- This feature is independent of the validnode checking that clients use.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!