Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16057 | DO6751-ORACLE10 | SV-24957r1_rule | VIVM-1 | Medium |
Description |
---|
Unsupported Oracle network client installations may introduce vulnerabilities to the database. Restriction to use of supported versions helps to protect the database and helps to enforce newer, more robust security controls. |
STIG | Date |
---|---|
Oracle Database 10g Installation STIG | 2014-04-02 |
Check Text ( C-17074r1_chk ) |
---|
View the SQLNET.ORA file in the ORACLE_HOME/network/admin directory or the directory specified in the TNS_ADMIN environment variable. Locate the following entry: SQLNET.ALLOWED_LOGON_VERSION = 10 If the parameter does not exist, this is a Finding. If the parameter is not set to a value of 10 or higher, this is a Finding. NOTE: It has been reported that the there is an Oracle bug (6051243) that prevents connections to the DBMS using JDBC THIN drivers when this parameter is set. The fix is available as patch 6779501. |
Fix Text (F-16160r1_fix) |
---|
Edit the SQLNET.ORA file to add or edit the entry: SQLNET.ALLOWED_LOGON_VERSION = 10 Set the value to 10 or higher (10 and 11 are currently valid values). |