解决这个问题时alert-cve-2012-1675-1608180:Oracle Security Alert for CVE-2012-1675的记录, 直接从Send Items里摘出来自己的部分:
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html
I think that’s a known securityissue as thus ↑[alert-cve-2012-1675-1608180:OracleSecurity Alert for CVE-2012-1675]
Affected Products and Versions · Oracle Database 11g Release 2, versions 11.2.0.2,11.2.0.3 · Oracle Database 11g Release 1, version 11.1.0.7 · Oracle Database 10g Release 2, versions 10.2.0.3,10.2.0.4, 10.2.0.5 Solution Recommendations for protecting against this vulnerability can befound at: · My Oracle Support Note 1340831.1 for Oracle Databasedeployments that use Oracle Real Application Clusters (RAC). · My Oracle Support Note 1453883.1 for Oracle Databasedeployments that do not use RAC. Please note that Oracle has added Oracle Advanced Security SSL/TLSto the Oracle Database Standard Edition license when used with the RealApplication Clusters and Oracle has added Oracle Advanced Security SSL/TLS tothe Enterprise Edition Real Application Clusters (Oracle RAC) and RAC One Nodeoptions so that the directions provided in the Support Notes referenced abovecan be applied by all Oracle customers without additional cost. Note: Pleaserefer to the Oracle licensing documentation available on Oracle.com regardinglicensing changes that allow Oracle Advanced Security SSL/TLS to be used withOracle SE Oracle Real Application Clusters and Oracle Enterprise Edition RealApplication Customers (Oracle RAC) and Oracle RAC OneNode Options. Due to thethreat posed by a successful attack, Oracle strongly recommends that customersapply this Security Alert solution as soon as possible.
Better than using workarounds is to patch thevulnerability[CVE-2012-1675].
However, you could do as thus if you were concerned to restartoracle:
Possible workarounds -------------------- There are many possible workarounds. The easier one is to set the following parameter in the listener.ora configuration file: dynamic_registration = off. But, sometimes, you don't want to apply this workaround. Inexample, if you have an Oracle RAC cluster, all the cluster's instances mustbe registered in both TNS Listeners so, this workaround is notsuitable for Oracle RAC clusters. To apply this workaround with Oracle RAC environments one needs to implement load balancing at the clientside, changing all the client's tnsnames.ora configuration file to addthe complete list of Oracle RAC nodes. However, there is another possible workaround that, sometimes, is suitable for Oracle RAC environments. Edit the file protocol.oraor, for older versions, sqlnet.ora, at the server side and add thefollowing directives: TCP.VALIDNODE_CHECKING = YES TCP.INVITED_NODE =(Comma,separated,list,of,ALL,valid,clients, ...) But, anyway, this workaround doesn't prevent valid clients frombeing used as proxies. Valid clients can still exploit the vulnerability regardless the VALIDNODE_CHECKING directive added as the client isa valid node. Then again, there is one more suitable workaround: If customerbought (and enabled) Oracle Advanced Security feature clients can beconfigured to use SSL/TLS. Thus, at both client and server side, thefollowing parameters must be changed in protocol.ora or sqlnet.ora: Client side: SQLNET.ENCRYPTION_CLIENT=REQUIRED Server side: SQLNET.ENCRYPTION_SERVER=REQUIRED The value of these configuration directives must be REQUIRED andnot REQUESTED, as is pretty common, otherwise the attacker can answerto the connection attempt answering that no SSL cipher is supported atthe server side (as the attacker's controlled box is for the clientthe trusted database's server) and the client will reconnect withoutusing SSL.
Here is more information aboutit…
http://seclists.org/fulldisclosure/2012/Apr/204
Then I did a easy way...
suneng23:/export/home/sfuser>lsnrctl LSNRCTL for Solaris: Version11.2.0.3.0 - Production on 28-FEB-2014 02:05:56 Copyright (c) 1991, 2011,Oracle. All rights reserved. Welcome to LSNRCTL, type"help" for information. LSNRCTL> setdynamic_registration off Connecting to(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)) LISTENER parameter"dynamic_registration" set to OFF The command completedsuccessfully LSNRCTL> setsave_config_on_stop on Connecting to(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)) LISTENER parameter"save_config_on_stop" set to ON The command completedsuccessfully LSNRCTL> exit