Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-54077 | O112-BP-026600 | SV-68317r4_rule | Medium |
Description |
---|
Unsupported Oracle network client installations may introduce vulnerabilities to the database. Restriction to use of supported versions helps to protect the database and helps to enforce newer, more robust security controls. |
STIG | Date |
---|---|
Oracle Database 11.2g Security Technical Implementation Guide | 2019-09-27 |
Check Text ( C-54861r5_chk ) |
---|
View the SQLNET.ORA file in the ORACLE_HOME/network/admin directory or the directory specified in the TNS_ADMIN environment variable. (Please see the supplemental file "Non-default sqlnet.ora configurations.pdf" for how to find multiple and/or differently located sqlnet.ora files.) Locate the following entry: SQLNET.ALLOWED_LOGON_VERSION = 12 If the parameter does not exist, this is a finding. Determine whether the Oracle DBMS software is at version 11.2.0.4 with the January 2014 CPU (or above). If it is not, this is a finding. If the parameter is not set to a value of 12 or higher, this is a finding. |
Fix Text (F-58919r3_fix) |
---|
: Deploy Oracle 11.2.0.4 with the January 2014 CPU patch. Edit the SQLNET.ORA file to add or edit the entry: SQLNET.ALLOWED_LOGON_VERSION = 12 Set the value to 12 or higher. For more information on sqlnet.ora parameters refer to the following document: "Database Net Services Reference" https://docs.oracle.com/cd/E11882_01/network.112/e10835/sqlnet.htm#NETRF006 |