- Threat ID
- Threat Date
- Threat Name
- TCP.VALIDNODE_CHECKING disabled
- CVE Reference
- CCE Reference
- Database Type
- Improper Access Controls
- Oracle Database Server 9iR1, 9iR2, 10gR1, 10gR2, 11gR1 and 11gR2
- A listener can check the IP address of the client machine and, based on configured rules, decide to allow or deny the request. This is enabled through a facility called Valid Node Checking, available as part of the Oracle Net installation.
- The TCP.VALIDNODE_CHECKING parameter creates a hard failure when any of the host names in the invited/excluded list fail to resolve to an IP address. This is to ensure that a customer's desired configuration is enforced, meaning that valid node checking cannot take place unless the host names are resolvable to IP addresses.
Use the TCP.INVITED_NODES parameter to specify which clients are allowed to access the database, or the TCP.EXCLUDED_NODES parameter to specify which clients are denied access. If both lists are present, TCP.INVITED_NODES takes precedence over TCP.EXCLUDED_NODES.
These parameters are set in the sqlnet.ora file.
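One way to audit these settings, added here as an example (not code from the original entry or from Oracle): it parses sqlnet.ora text and reports a disabled check, an excluded list that the invited list overrides, and host names that have to resolve. The sample file contents, addresses and host name are constructed, and treating only `YES` as "enabled" is an assumption of this sketch.

```python
import ipaddress

# Constructed sample files for illustration, not taken from a real system.
WEAK = """\
TCP.EXCLUDED_NODES = (10.1.1.50)   # list present, but checking never enabled
"""
ENABLED = """\
tcp.validnode_checking = yes
TCP.INVITED_NODES = (10.1.1.10, 10.1.1.11,
                     appsrv1.example.com)
TCP.EXCLUDED_NODES = (10.1.1.50)
"""

def parse_sqlnet(text):
    """Return {NAME: value}; names upper-cased, indented lines continue a value."""
    params, last = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line[0].isspace() and last:            # continuation of previous value
            params[last] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            last = name.strip().upper()
            params[last] = value.strip()
    return params

def nodes(value):
    # Split a "(a, b, c)" list into its entries.
    return [n.strip() for n in value.strip("() ").split(",") if n.strip()]

def is_ip(entry):
    try:
        return bool(ipaddress.ip_address(entry))
    except ValueError:
        return False

def audit(text):
    p, findings = parse_sqlnet(text), []
    invited = nodes(p.get("TCP.INVITED_NODES", ""))
    excluded = nodes(p.get("TCP.EXCLUDED_NODES", ""))
    # Assumption: only an explicit YES counts as enabled; anything else is flagged.
    if p.get("TCP.VALIDNODE_CHECKING", "").upper() != "YES":
        findings.append("TCP.VALIDNODE_CHECKING is not set to YES")
    if invited and excluded:
        findings.append("TCP.EXCLUDED_NODES is overridden by TCP.INVITED_NODES")
    names = [n for n in invited + excluded if not is_ip(n)]
    if names:
        findings.append("host names that must resolve: " + ", ".join(names))
    return findings
```

Call `audit()` on the contents of each sqlnet.ora under review; an empty list means none of the three conditions was found.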
Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.