Re: SCN wrapping

From: joel garry <joel-garry_at_home.com>
Date: Fri, 20 Jan 2012 09:03:07 -0800 (PST)
Message-ID: <b714de91-0765-4533-8300-bf350a0aa1be_at_b4g2000pbi.googlegroups.com>

On Jan 20, 12:39�am, mhoys <matthias.h..._at_gmail.com> wrote:
> On Jan 20, 1:09�am, joel garry <joel-ga..._at_home.com> wrote:
>
>
>
> > On Jan 19, 12:11�pm, "Matthias Hoys" <a..._at_spam.com> wrote:
>
> > > "Mladen Gogala" <gogala.REMOVETHISmla..._at_google.com> wrote in message
>
> > >news:jf9kek$gk8$1_at_solani.org...
>
> > > > It appears that Oracle 11G has a rather serious bug: it wraps SCN numbers
> > > > around, when doing begin/end backup type of backup:
>
> > > >http://tinyurl.com/6wbker6
>
> > > > --
> > > >http://mgogala.freehosta.com
>
> > > I wonder if it's only 11g that's affected by the bug or also any older
> > > versions? I don't remember reading anything about this in the last PSU patch
> > > notes for 10g... And yes, there are still people using prehistoric
> > > technology like 10g! ;-)
>
> > > Matthias Hoys
>
> > Note the link I posted used 9i. �And we have another Wartiki-wannabe:http://blogs.oracle.com/UPGRADE/entry/fundamental_oracle_flaw_reveale...
>
> > Mladen, see Bug 12371955 - Hot Backup can cause increased SCN growth
> > rate leading to ORA-600 [2252] errors [ID 12371955.8]
> > I think there is confusion because that was in 11.2.0.3, but is also
> > available as a patch 12371955 for earlier versions. �They don't seem
> > to put the old patches in the new listing you posted.
>
> > jg
> > --
> > _at_home.com is bogus.http://www.informationweek.com/news/security/app-security/232500111
>
> Thanks, that MOS article helped to clear up the confusion a bit :-)
> Looks like the bug was already fixed in the 11.2.0.3 server patch set.
>
> And this is what they say about pre-11g versions:
>
> �"This fix is *NOT* required in any release prior to 11g.
> �For 11g onwards this fix is already included in various Patch Set
> �Updates and bundles as listed above."
>
> *getting even more confused*
>
> Matthias Hoys

As I understand it, there are several issues, working together. The SCN being propagated among distributed databases appears to have been around a long time, but never really had a problem because of the large scale of the variable. The bug that congealed the problem seems to be the begin database backup which would elevate the SCN too fast. That would only really be a problem for a large system with many links and much usage of bcp style backups, where people would backup whole dbs with a snapshot, rather than tablespaces, and the SCN jumps propagating would multiply the problem. Since it could happen, but usually doesn't, they distribute a script to say red, amber or green light, so most people get warm and fuzzy green lights.

But now that we know that, it is a simple matter to poison a system by hacking the controlfiles of an obscure database, then propagate with a mere access over a link. You don't need the unpatched backup to have the problem happen, someone can make it happen. It may just be a matter of time until it gets to the script-kiddie point (I haven't looked yet this morning).

--
_at_home.com is bogus.
http://www.wired.com/wiredenterprise/2012/01/intel-oracle-hp/

Received on Fri Jan 20 2012 - 11:03:07 CST

This message: [ Message body ]
Next message: joel garry: "Re: So....."
Previous message: ExecMan: "RMAN"
Maybe in reply to: Mladen Gogala: "SCN wrapping"
Next in thread: Mark D Powell: "Re: SCN wrapping"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message