VERIFIED SOLUTION

How to secure a Confirm Oracle database from the issues published in Oracle Security Alert CVE-2012-1675 disclosed as "TNS Listener Poison Attack"

Product Feature: Application Infrastructure

Operating System: Windows 2008
 
You have a requirement to secure a Confirm Oracle database from the issues published in Oracle Security Alert CVE-2012-1675 (http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html). The affected products and versions are:

Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3, 11.2.0.4
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5

Recommendations for protecting against this vulnerability in single instance databases can be found in My Oracle Support Note 1453883.1.

One way to tackle this issue is to implement a Class of Secure Transport (COST) restriction using the IPC protocol following the approach shown in Oracle Support Note 1553883.1. This involves changes to the listener.ora to add an IPC listener endpoint and changing the database LOCAL_LISTENER parameter to connect to this listener using IPC instead of TCP.
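The following check is an added example, not code from this article or from Oracle's support note. It audits listener.ora text for the COST restriction described above: an IPC endpoint plus SECURE_REGISTER_<listener> limited to IPC. The sample files, the host name, the IPC key REGISTER and the function names are constructed for illustration.

```python
import re

# Constructed listener.ora samples; host name and IPC key are placeholders.
TCP_ONLY = """\
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example.com)(PORT = 1521)))
"""
WITH_COST = """\
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example.com)(PORT = 1521))
    (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER)))
# Accept instance registration over IPC only
SECURE_REGISTER_LISTENER = (IPC)
"""
# Database side (as SYSDBA), so the instance registers over the IPC endpoint:
#   ALTER SYSTEM SET LOCAL_LISTENER='(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=REGISTER)))' SCOPE=BOTH;

def parse_params(text):
    """Return {NAME: value} for top-level parameters; indented lines continue a value."""
    params, name = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        m = re.match(r"([A-Za-z_][\w.]*)\s*=\s*(.*)", line)
        if m:
            name = m.group(1).upper()
            params[name] = m.group(2)
        elif name:
            params[name] += line.strip()
    return params

def audit_cost(text):
    """Map each listener to its COST findings (empty list = registration is IPC only)."""
    params = parse_params(text)
    report = {}
    for name, value in params.items():
        if not re.search(r"\(\s*ADDRESS\s*=", value, re.I):
            continue  # SID_LIST_*, SECURE_REGISTER_* etc. are not listener definitions
        issues = []
        protocols = {p.upper() for p in re.findall(r"PROTOCOL\s*=\s*(\w+)", value, re.I)}
        if "IPC" not in protocols:
            issues.append("no IPC endpoint")
        allowed = set(re.findall(r"\w+", params.get("SECURE_REGISTER_" + name, "").upper()))
        if not allowed:
            issues.append("SECURE_REGISTER_%s not set" % name)
        elif allowed != {"IPC"}:  # the approach above restricts registration to IPC
            issues.append("registration allowed over %s" % ",".join(sorted(allowed)))
        report[name] = issues
    return report
```

The check covers listener.ora only; confirming that the instance's LOCAL_LISTENER points at the IPC endpoint still has to be done on the database itself.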

A Pitney Bowes Confirm DBA implemented the security fix on an Oracle 11g server running on Linux. A sanity check of Task Processor and the Confirm client was then carried out, and everything appeared to be working fine.
UPDATED: October 6, 2017