Threat Finder

Threat ID: 2772
Threat Date: 05/31/2013
Threat Name: TCP.VALIDNODE_CHECKING disabled
CVE Reference: CVE-NO-MATCH
CCE Reference: CCE-NO-MATCH
Risk: Low
Database Type: Oracle
Category: Improper Access Controls
Versions: Oracle Database Server 9iR1, 9iR2, 10gR1, 10gR2, 11gR1 and 11gR2
Summary
A listener can check the IP address of the client machine and, based on configured rules, allow or deny the connection request. This is done through a facility called Valid Node Checking, which is available as part of the Oracle Net installation.
Overview
The TCP.VALIDNODE_CHECKING parameter creates a hard failure when any of the host names in the invited/excluded list fails to resolve to an IP address. This ensures that the customer's desired configuration is enforced: valid node checking cannot take place unless the host names are resolvable to IP addresses.
Use the parameter TCP.INVITED_NODES to specify which clients are allowed access to the database, or the parameter TCP.EXCLUDED_NODES to specify which clients are denied access. TCP.INVITED_NODES takes precedence over TCP.EXCLUDED_NODES if both lists are present.
These parameters are set in the sqlnet.ora file.
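An added example, not part of the original entry and not the vendor's fix script: a small Python audit that reads sqlnet.ora text and reports on the three parameters described above. The sample file contents, host names, addresses and the function names are constructed for illustration; the check assumes the documented values yes/no with a default of no.

```python
import re

# Constructed sample sqlnet.ora contents (illustrative, not from the entry).
WEAK = """\
# valid node checking left at its default (no)
TCP.EXCLUDED_NODES = (10.0.0.66)
"""
ENFORCED = """\
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (app01.example.com, 10.0.0.15,
    10.0.0.16)
TCP.EXCLUDED_NODES = (10.0.0.66)
"""

def parse_sqlnet(text):
    """Return {PARAM: value}; names upper-cased, indented continuation lines joined."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        if line[0].isspace() and current:          # continuation of previous value
            params[current] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            current = name.strip().upper()
            params[current] = value.strip()
    return params

def node_list(value):
    """Split '(a, b, c)' into ['a', 'b', 'c']; None or '' gives []."""
    return [n for n in re.split(r"[\s,()]+", value or "") if n]

def audit(text):
    """Return findings about valid node checking for one sqlnet.ora file."""
    p = parse_sqlnet(text)
    enabled = p.get("TCP.VALIDNODE_CHECKING", "NO").upper() == "YES"
    invited = node_list(p.get("TCP.INVITED_NODES"))
    excluded = node_list(p.get("TCP.EXCLUDED_NODES"))
    findings = []
    if not enabled:
        findings.append("TCP.VALIDNODE_CHECKING is not enabled")
        if invited or excluded:
            findings.append("node lists are present but not enforced")
    elif not invited and not excluded:
        findings.append("checking enabled but no node list is defined")
    elif invited and excluded:
        findings.append("both lists set: TCP.INVITED_NODES takes precedence")
    return findings
```

Because a host name that fails to resolve causes a hard failure, confirm that every name in the node lists resolves from the database host before enabling the parameter.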
References
http://docs.oracle.com/cd/B28359_01/network.111/b28317/sqlnet.htm#CIHJDJII
VMSKey
STIGID

Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.
