{"id":1125,"date":"2012-01-19T23:56:52","date_gmt":"2012-01-19T21:56:52","guid":{"rendered":"http:\/\/www.ora-solutions.net\/web\/?p=1125"},"modified":"2012-01-19T23:56:52","modified_gmt":"2012-01-19T21:56:52","slug":"oracle-scn-problem","status":"publish","type":"post","link":"https:\/\/www.ora-solutions.net\/web\/2012\/01\/19\/oracle-scn-problem\/","title":{"rendered":"Oracle SCN Problem"},"content":{"rendered":"<p>In case you have not heard all the buzz about the Oracle SCN flaw, which was published by <a href=\"http:\/\/www.infoworld.com\/d\/security\/fundamental-oracle-flaw-revealed-184163-0\">Infoworld<\/a> after the release of the January CPU, I summarize the essentials.<\/p>\n<ul>\n<li>There is a risk that the SCN reaches its maximum value, and this could lead to an outage of the database.<\/li>\n<li>There is a bug in &#8220;ALTER DATABASE BEGIN BACKUP&#8221;, which increases the SCN dramatically. (Bug 12371955 &#8211; fixed in 11.2.0.2.4 and others)<\/li>\n<li>When you query a remote database via database link from a database with elevated SCN, the remote SCN gets increased to the higher value as well. This has the dramatic effect that one database will infect the other.<\/li>\n<li>Imagine an unpatched environment with user-managed online backups (e.g. for SAN split mirror technology) and dozens of interconnected databases with database links.<\/li>\n<li>Now imagine an evil employee with this little innocent database account with only &#8220;create session&#8221; privilege &#8230; you get the picture.<\/li>\n<li>The January 2012 CPU\/PSU contains a patch that should restrict the ways to increase the SCN. However, I am not sure that the issue with db links is solved. I could bump up the SCN to 12562779343042 by a remote select even after patching with CPU January 2012.<\/li>\n<\/ul>\n<p>Additionally, there are already quite a few articles showing how a potential attacker could use this flaw, e.g. 
<a href=\"http:\/\/www.gokhanatil.com\/2012\/01\/fundamental-oracle-flaw-revealed-lets.html\">this one.<\/a><\/p>\n<p>References:<\/p>\n<ul>\n<li><span style=\"font-family: helvetica;\">Information on the System Change Number (SCN) and how it is used in the Oracle Database [ID 1376995.1]<\/span><\/li>\n<li><span style=\"font-family: helvetica;\">Installing, Executing and Interpreting output from the &#8220;scnhealthcheck.sql&#8221; script [ID 1393363.1]<\/span><\/li>\n<li><span style=\"font-family: helvetica;\">Bug 12371955 &#8211; Backup task can cause increased SCN growth rate leading to ORA-600 [2252] errors [ID 12371955.8]<\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>In case you have not heard all the buzz about the Oracle SCN flaw, which was published by Infoworld after the release of the January CPU, I summarize the essentials. There is a risk that the SCN reaches its maximum value, and this could lead to an outage of the database. 
There is a bug in [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13,14,47,5],"tags":[],"class_list":["post-1125","post","type-post","status-publish","format-standard","hentry","category-10g","category-11g","category-bugs","category-oracle-database"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ora-solutions.net\/web\/wp-json\/wp\/v2\/posts\/1125","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ora-solutions.net\/web\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ora-solutions.net\/web\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ora-solutions.net\/web\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ora-solutions.net\/web\/wp-json\/wp\/v2\/comments?post=1125"}],"version-history":[{"count":7,"href":"https:\/\/www.ora-solutions.net\/web\/wp-json\/wp\/v2\/posts\/1125\/revisions"}],"predecessor-version":[{"id":1132,"href":"https:\/\/www.ora-solutions.net\/web\/wp-json\/wp\/v2\/posts\/1125\/revisions\/1132"}],"wp:attachment":[{"href":"https:\/\/www.ora-solutions.net\/web\/wp-json\/wp\/v2\/media?parent=1125"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ora-solutions.net\/web\/wp-json\/wp\/v2\/categories?post=1125"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ora-solutions.net\/web\/wp-json\/wp\/v2\/tags?post=1125"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}