Oracle SCN ProblemBy Martin | January 19th, 2012 | Category: 10g, 11g, Bugs, Oracle Database | 1 Comment »
In case you have not heard all the buzz about the Oracle SCN flaw, which was published by Infoworld after the release of January CPU, I summarize the essentials.
- There is a risk that the SCN reaches it´s maximum value and this could lead to an outage of the database.
- There is a bug in “ALTER DATABASE BEGIN BACKUP”, which increases the SCN dramatically. (Bug 12371955 – fixed in 126.96.36.199.4 and others)
- When you query a remote database via database link from a database with elevated SCN, the remote SCN gets increased to the higher value as well. This has the dramatic effect, that a database will infect the other database.
- Imagine an unpatched environment with user-managed online backups (e.g. for SAN split mirror technology) and dozens of interconnected databases with database links.
- Now imagine an evil employee with this little innocent database account with only “create session” privilege … you get the picture.
- The January 2012 CPU/PSU contains a patch that should restrict the ways to increase the SCN. However, I am not sure that the issue with db links is solved. I could bump up the SCN to 12562779343042 by a remote select even after patching with CPU January 2012.
Additionally, there are already quite a few articles showing how a potential attacker could use this flaw, e.g. this one.
- Information on the System Change Number (SCN) and how it is used in the Oracle Database [ID 1376995.1]
- Installing, Executing and Interpreting output from the “scnhealthcheck.sql” script [ID 1393363.1]
- Bug 12371955 – Backup task can cause increased SCN growth rate leading to ORA-600  errors [ID 12371955.8]