April 2012 CVE-2012-1675 security alert - issues

Thanks for taking my questions.
We are Windows 11g (non-RAC). The April Security Patch CVE-2012-1675 ID: 1453883.1
This fix isn't working for me. STEP 4) Replace the tcp address in the database ….. errors.
I did some more digging and found they updated the doc ID: 1453883.1 to include TCP but the first step is “OBTAIN AND APPLY THE PATCH FOR BUG:12880299”. I can’t find this patch or bug.
Has anyone tackled this fix and got it to work?
Thanks,
Kathie

Thanks everyone for the helpful information!! I sometimes have a real difficult time searching for stuff in Oracle Support so the forum is my reality check:)
Anyway, I did get the IPC method to work. I think the entries in the network.ora file had to be in a specific order. After I changed the IPC entry before the TCP entry the change applied as expected.
My understanding is that either the IPC or the TCP change will protect you. If anyone knows something other than that please let me know.
Thanks again for the help!
Kathie
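
A configuration check for the COST setting discussed in this thread, as an added example that is not part of the original posts or of Oracle's note: it parses a listener.ora and reports, per listener, whether `SECURE_REGISTER_<listener>` or `DYNAMIC_REGISTRATION_<listener> = OFF` is in effect. The sample file, the host name and the function name `audit_listener_ora` are constructed for illustration.

```python
import re

# Constructed sample listener.ora, not taken from the thread.
SAMPLE = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521))))
SECURE_REGISTER_LISTENER = (IPC)

LISTENER_DW =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1522)))
# SECURE_REGISTER_LISTENER_DW = (TCP)   <- commented out, so not in effect
"""

def audit_listener_ora(text):
    """Map each listener to its endpoints, COST setting and a status string."""
    # Strip comments first so a commented-out setting is not counted as active.
    body = "\n".join(line.split("#", 1)[0].rstrip() for line in text.splitlines())
    params = {}
    # A parameter starts in column 0; indented lines continue its value.
    pattern = r"^([A-Za-z_][\w.]*)[ \t]*=[ \t]*(.*(?:\n[ \t]+.*)*)"
    for m in re.finditer(pattern, body, re.M):
        params[m.group(1).upper()] = m.group(2).strip()  # names are case-insensitive
    report = {}
    for name, value in params.items():
        if not re.search(r"\(\s*ADDRESS\s*=", value, re.I):
            continue  # not a listener definition (e.g. SID_LIST_* or a setting)
        endpoints = [p.upper() for p in re.findall(r"PROTOCOL\s*=\s*(\w+)", value, re.I)]
        cost = re.findall(r"\w+", params.get("SECURE_REGISTER_" + name, "").upper())
        dynamic = params.get("DYNAMIC_REGISTRATION_" + name, "").upper()
        if cost:
            status = "registration restricted to " + ",".join(cost)
        elif dynamic == "OFF":
            status = "dynamic registration off"
        else:
            status = "unrestricted registration"
        report[name] = {"endpoints": endpoints, "secure_register": cost, "status": status}
    return report

if __name__ == "__main__":
    for listener, info in audit_listener_ora(SAMPLE).items():
        print(listener, info)
```

A listener reported as "unrestricted registration" is one to review against Note 1453883.1; the check reads the file only and does not confirm what the running listener has loaded.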

Similar Messages

  • Oracle Security Alert for CVE-2012-1675

    Hi,
    I want to know more about recent release "Oracle Security Alert" : http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html
    Document available in https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1453883.1
    Fix is about Class of Secure Transport (COST). I need to know about elaborate steps to find out whether this change needs to be applied to my databases or not.
    About my DBs : 10.2.4 , AIX, Nondefault Listener, Shared env , non RAC, local_listener is null & running in pfile.
    Thx,
    Gowin.

    Hello;
    Apply it. Very clean. Simple. No outage on Non-RAC. Biggest Impact is listener stop and start. Took about 3 minutes per server.
    Tested today and had zero issues. ( Assumed you understood a CONNECT was part of the test ). Zero issues.
    Had a thread on this here a few days ago :
    Oracle TNS Poison vulnerability
    See Oracle Support Note 1453883.1 for additional information.
    Best Regards
    mseberg
    With all due respect this isn't very hard. Make a decision.
    Edited by: mseberg on May 2, 2012 7:13 AM

  • TNS Listener Poison attack : Oracle Security Alert for CVE-2012-1675

    Hi,
    I'm looking to implement the following oracle document about COST but not sure what we need to do for Standby Environment ,
    Can you guys please advise.
    Oracle Using Class of Secure Transport (COST) to Restrict Instance Registration [ID 1453883.1]
    Oracle Security Alert for CVE-2012-1675
    Thanks

    user097815 wrote:
    with regards to the below thread which mostly talks about Oracle Security Alert for CVE-2012-1675 "TNS Listener Poison Attack"....i just wanted to find out if this affects DB that are externally or internally....meaning 95% of our DB are in network(internally) behind our firewall....and rest of the 5% are outside our firewall facing the world wide web....so does this apply to both or just one ?

    The attack is on the Listener itself - so if you want to prevent this attack, you need to secure that Listener, irrespective of its location.
    IMO, mandatory if you expose your Listener to an unsecured or public network (e.g. internet).
    As for Listeners running on your internal network - if this attack is used, securing your Listeners means very little IMO. Because your internal network already needs to be compromised in order for the attack to occur. Which means you have far more serious problems than someone attacking your Listeners.

  • Oracle TNS Poison vulnerability - CVE-2012-1675

    Oracle announced a zero day vulnerability today - http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html
    Looks like a man in the middle attack.
    For CF8 or CF9, can the native oracle driver be configured to use SSL/TLS?

    Rather than attempting to patch something without official patches and potentially breaking your license to use it, I suggest disabling listener dynamic registration and configuring a static local_listener parameter within your XE database.  The TNS poison vulnerability relies on dynamic listener registration, and by disabling it we should no longer have risk from this vulnerability.

  • Hi I have a recent macbook pro 12" (bought in april 2012) model number A1278.  I'm trying to connect to a 23" apple cinema display (A1082) this currently is not working - i've bought an additional Apple MB570ZA Mini DisplayPort to DVI Adapter - no luck!

    Hi I have a recent macbook pro 12" (bought in april 2012) model number A1278.  I'm trying to connect to a 23" apple cinema display (A1082) this currently is not working - i've bought an additional Apple MB570ZA Mini DisplayPort to DVI Adapter - no luck!
    im not sure what to do next - can anyone help?
    im running OSX 10.7.4

    Hi There,
    I have had the exact same issue but with a projector.
    The issue lies with Mountain Lion 10.8.2.
    I tried many a combination with no luck to get HDMI working.
    Took my mac into the apple store and came to the conclusion it was the software, so I asked them to install 10.8 onto it (this is destructive so a backup is a must)
    Bought my macbook home and voila, now displaying through my projector.
    There is a small graphics update after 10.8.1 which seems to be the cause.
    Hope this helps.
    Thanks.

  • 1st April 2012 problem

    When I try to create an all day event on 1 Apr 12 on my iPad, the length of the event is automatically converted to two days long. When I edit the event, it remains at two days long.
    I changed my regional settings in order to change the first day of the week, with no success (problem still occurs on 1st April 2012).
    The 1st July 2012 also falls on a Sunday but does not suffer the same problem.
    This problem occurs on my iPad, iPhone and a friends iPhone which all run iOS 5.0.1.
    Does anyone else have this problem and therefore is it a bug with the calendar app in this iOS?

    Yeah, it's a bug and it was there last year also.  You're located in Australia or New Zealand or some place else where Daylight Savings Time ends on April 1.  The bug is that April 1 is only 23 hours long but an "all day" event is 24 hours so it spills over into the next day!
    Cheers!

  • My itunes account was broken into in April 2012 and my Apple ID is still disabled and I can't get into my apple account at all. I have reset everything a million times and the phone support *****!!! What now???

    My itunes account was broken into in april 2012 and my apple ID is still disabled and I can not get into my account. What do I do to get it enabled?

    There is no phone support for itunes.
    Click Support at the top of this page, then click Contact Apple Support

  • Windows 2012 R2 RDS Licensing Issue

    I setup RDS License Server role in our domain controller server and installed open license RDS User CAL. From the connection broker server, I setup RDS Deployment's RD Licensing to per user and added the domain controller from the license server list. RD Licensing Diagnoser output is ok and able to detect the license server. All servers are windows 2012 R2.
    Now the issue is, when using RD Web access and launching the application, the license manager is still showing 0 issued license. Tried opening several sessions, more than the number of license seats available and still RDS still works fine. Wondering whether license server is functioning properly. Let me know if someone experienced the same thing.
    Thanks!
    Joe

    Hi Joe,
    Thank you for posting in Windows Server Forum.
    Have you found any specific error\event id for this case?
    As you have Per User CAL and to see your Per User RDS CAL usage you need to create a report, save it to a .csv file, and then view the csv file in Notepad/Excel. We can do this in RD Licensing Manager by right-clicking on the server name, choosing Create Report - Per User CAL Usage, and then after you have the report right-click on it and choose to save it as csv.
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • I cracked my IPad 3 that I got in April 2012, and I cracked it bad. What can I do? Please help'

    I cracked my IPad 3 64 GB in the top left corner with a line across the top half of the screen back in April 2012, a few days after I got it. But yesterday, my dog stepped on it and completely shattered the top white part of the IPad. The glass has actually chipped off, and now there is a big hole next to the camera. The IPad still works perfectly fine, in fact I'm on it right now, but the only thing is that the camera is a little fuzzy. I'm not sure what to do. I bought the IPad through apple.com in April 2012 and its been engraved with my name on it. I cracked it for the first time a few days after I got it, don't judge, and now it's a really really really bad crack. I googled what to do if you have a hole in your IPad, and didn't find anything, so hopefully someone can help me! I really don't want have to pay another $700 to replace the IPad, and my school uses them so my IPad is super important. I don't remember if I have any insurance on the IPad, but is there like an automatic warranty if you bought it within the last year, and it's your first offense? Thanks so much!!!!!!

    Hi Agutta,
    If you bought AppleCare for your iPad, then it has coverage for 2 incidents of accidental damage - $49 to repair. If you did not purchase AppleCare, you can take it into the nearest Apple Store to find out what the repair cost would be, or call Apple Support.
    Here's a link to the AppleCare site:
    http://www.apple.com/support/products/ipad.html
    Here's a link to the Apple Support site:
    http://www.apple.com/support/contact/
    Sorry about your accident! Hope it gets resolved....
    GB

  • Adobe Flash 11.1.102.63 not detected with April 2012 PRU

    We have recently updated Adobe Flash to version 11.1.102.63 in our ZENworks 10.3.3 zone. I downloaded and applied the April 2012 PRU and it is still not detecting after an inventory. Is there a fix or easy workaround?
    Thanks.

    Originally Posted by pcwoodring
    We have recently updated Adobe Flash to version 11.1.102.63 in our ZENworks 10.3.3 zone. I downloaded and applied the April 2012 PRU and it is still not detecting after an inventory. Is there a fix or easy workaround?
    Thanks.
    All - it magically worked during the weekly scheduled inventory run. Perhaps some database updates hadn't taken place yet.

  • HT1665 Last year on 24 April 2012 I bought white colored i4S apple I iphone because of voltage fluctuations it burnt the adapter of charger. I want to buy new charger . Please tell me the price of charger.

    Last year on 24 April 2012 I bought white colored i4S -64Gb apple I iphone because of voltage fluctuations it burnt the adapter of charger. I want to buy new charger . Please tell me the price of charger in India

    Thanks peter for suggestion I was confused If charger's adapter also comes under warranty..I bought it from amritsar and its 2 hour run from my place. dats y i wanted to check for price of original charger.

  • I've upgraded my iPad to iOS7 and am now unable to access books purchased on iBooks prior to April 2012, why is this?

    I've upgraded my iPad to iOS7 and am now unable to access books purchased on iBooks prior to April 2012, why is this?

  • Iphone 4s error -1, purchased in April 2012 in the US...now I am in Greece and cannot get it repaired as it was purchased in the US and it is still under warranty.

    Hi,
    I purchased my iphone 4s in April 2012 in the US and after doing an update it now has error -1 and after many calls with technicians nothing will fix it. I want to send it in for repair as it is still under warranty but I now live in Greece and I have been told that I cannot send it in as I do not have a US address for the replacement. There is no apple store in Greece and I have been to the authorised reseller here and they cannot help me as it was purchased in the US.
    What can I do????????

    The warranty is NOT international. You will need to take it back to the US or send it to someone you know there to take it in for service.  Apple will not accept an international shipment for service.

  • CSV-2012-1675 IPC METHOD CORRECT

    Hi, I’m hoping someone can confirm I applied the csv-2012-1675 patch against the poison attack correctly? I applied the IPC method. A few days ago I started getting ORA-3136 on one of my servers. I need to rule out the poison attack as a possible cause!
    The instructions said I could use IPC method but it looks like it now has a TCP fix as well. I tried confirming the patch following instructions but I do not get the errors as described. My listener "services" does show connecting as IPC.
    My server is a windows 11.1.0.7 NON-Rac used for our data warehouse. The data warehouse Informatica software is housed offsite so it does have an offsite client connection to another server. When I get an ORA-3136 error the data warehouse job also fails.
    Can anyone confirm the IPC patch method should work for my type of server OR why the COST test to see if it is working is not showing the expected error?
    Thanks for taking my questions!!
    Kathie

  • Iphone 4s calendar alert issue

    I tend to put 2 alerts on my calendar events, one for 1 day before and the second one for 1 hour before (or some other on the day of event).  I have noticed that when I put in the first alert for 1 day before and then enter the second alert for 1 hour before and click done they have somehow been reversed, the first alert is now 1 hour before and the second alert is 1 day before.  I have to click them again and change them to the proper order, this usually takes about 3 tries to get them to stay as I want them.  I can then save the event and all is good.  I was at the Apple store and the staff duplicated this issue so I know I'm not the only one experiencing this nuisance.  Has anyone else come across this?  I do hope the upcoming update will fix it.

    Update since Genius visit:
    1) Apple is working on an update
    2) There is no awareness at Apple of this calendar alert issue as a bug, hence it is not being addressed/worked on
    3) Solutions offered by Genius have not resolved this issue.
    Solutions offered by Genius, in order of which to try first:
    1) Delete calendar data from iPhone: Settings>iCloud>Calendars OFF and then restore data from iCloud: Calendars ON
    2) Reset iPhone settings: Settings>General>Reset>Reset all settings
    3) Restore to factory settings: Settings>General>Reset>Erase all content and settings, then restore data from iCloud and in-app backups.
    4) Use another calendar app (seriously)
    Of course, if the bug is actually part of the iOS software (could it be?) then no amount of erasing and restoring data will fix the issue.  I completed the first two options with no change, and am not willing to do the third option because I am not interested in going through the process of backing up, then restoring all my third-party apps.
    My solution: raise awareness of this issue with Apple, so that it can be worked on and fixed.   I have reported it as a bug through Apple's feedback module: http://www.apple.com/feedback/iphone.html and I encourage-- no, ask-- you to do the same, if you are experiencing this issue.  I provided a link to this forum topic to show the variety and detail of problems.
    Are you sick of missing alerts, fiddling endlessly, coming up with workarounds, paying for unreliable software, and not being responded to?  I am.  It's time to rally!
