 | |
#11
 
| |||
| |||
|
Re: SCN wrapping -
01-24-2012
, 04:58 PM
|
On Jan 20, 12:03*pm, joel garry <joel-ga... (AT) home (DOT) com> wrote: On Jan 20, 12:39*am, mhoys <matthias.h... (AT) gmail (DOT) com> wrote: On Jan 20, 1:09*am, joel garry <joel-ga... (AT) home (DOT) com> wrote: On Jan 19, 12:11*pm, "Matthias Hoys" <a... (AT) spam (DOT) com> wrote: "Mladen Gogala" <gogala.REMOVETHISmla... (AT) google (DOT) com> wrote in message news:jf9kek$gk8$1 (AT) solani (DOT) org... It appears that Oracle 11G has a rather serious bug: it wraps SCN numbers around, when doing begin/end backup type of backup: http://tinyurl.com/6wbker6 -- http://mgogala.freehosta.com I wonder if it's only 11g that's affected by the bug or also any older versions? I don't remember reading anything about this in the last PSU patch notes for 10g... And yes, there are still people using prehistoric technology like 10g! ;-) Matthias Hoys Note the link I posted used 9i. *And we have another Wartiki-wannabe:http://blogs.oracle.com/UPGRADE/entr...e_flaw_reveale.... Mladen, see Bug 12371955 - Hot Backup can cause increased SCN growth rate leading to ORA-600 [2252] errors [ID 12371955.8] I think there is confusion because that was in 11.2.0.3, but is also available as a patch 12371955 for earlier versions. *They don't seem to put the old patches in the new listing you posted. jg -- @home.com is bogus.http://www.informationweek.com/news/...rity/232500111 Thanks, that MOS article helped to clear up the confusion a bit :-) Looks like the bug was already fixed in the 11.2.0.3 server patch set.. And this is what they say about pre-11g versions: *"This fix is *NOT* required in any release prior to 11g. *For 11g onwards this fix is already included in various Patch Set *Updates and bundles as listed above." *getting even more confused* Matthias Hoys As I understand it, there are several issues, working together. *The SCN being propagated among distributed databases appears to have been around a long time, but never really had a problem because of the large scale of the variable. *The bug that congealed the problem seems to be the begin database backup which would elevate the SCN too fast. That would only really be a problem for a large system with many links and much usage of bcp style backups, where people would backup whole dbs with a snapshot, rather than tablespaces, and the SCN jumps propagating would multiply the problem. *Since it could happen, but usually doesn't, they distribute a script to say red, amber or green light, so most people get warm and fuzzy green lights. But now that we know that, it is a simple matter to poison a system by hacking the controlfiles of an obscure database, then propagate with a mere access over a link. *You don't need the unpatched backup to have the problem happen, someone can make it happen. *It may just be a matter of time until it gets to the script-kiddie point (I haven't looked yet this morning). jg -- @home.com is bogus.http://www.wired.com/wiredenterprise...racle-hp/-Hide quoted text - - Show quoted text - This bug is not nearly as risky as the InfoWorld article made out. *On its own it is not likely to occur. *As far as a DOS attach goes if you have proper control of your network and do not allow remote non- controlled databases to link into yours then you can wait the time it takes to upgrade/patch to a protected version in the normal course of business. You can implement monitoring of your SCN number and spit out an alert or other form of warning message to identify an attach taking place. IMHO -- Mark D Powell -- |
reasonable SCN. Going through Bug 11767824: HIGH SCN VALUES / ORA-600
[2252] ERRORS while trying to understand what Jonathan said in some
places helped me understand much more. That shows the issue was there
in 10, even if that was kind of solved (or at least known and
trackable) and then made worse with the backup bug in 11.
Still glad I hadn't gone to snapshots and 11g though, even if only
through the luck of the budget-deprived. I'm definitely on the lag
side of http://mwidlake.wordpress.com/2012/0...en-to-upgrade/
You, Billy and Jonathan have brought me over to the tempest in a
teapot view, thanks.
jg
--
@home.com is bogus.
http://online.wsj.com/article/BT-CO-...24-711190.html
#12
| |||
| |||
|
#13
| |||
| |||
|
|
According to InfoWorld a partial patch is in the January 2010 CPU. The magazine has issued an update which includes mention of another potential means of the issue being raised. The actual bug related to manual hot backups is apparently limited to two releases per the article, which also contains a link to an article on what and how Oracle uses the SCN number. http://www.infoworld.com/d/security/...fications-and- more-information-184775 HTH -- Mark D Powell -- |
Thanks, Mark. Fascinating reading. Good thing is that Infoworld is fair
and balanced.
--
http://mgogala.byethost5.com
 |
« Previous Thread
|
Next Thread »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.