Jithin's Oracle Tuning Corner

The Oracle Weblog

Rapidclone fails at adaddnode.pl ORA-10143 & ORA-06512 Oracle EBS 12.2.4

In Oracle EBS 12.2.4, Rapidclone automatically runs adaddnode.pl. In My case, the adcfgclone.pl appsTier errored out with the below error

sqlplus /nolog @/<serverlocation>/ad/11.5.0/patch/115/sql/adadmdat.sql APPS apps apps 
.... 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 
Updating tables... 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 

declare 
* 
ERROR at line 1: 
ORA-01403: no data found 
ORA-06512: at line 159

Going though the adadmdat.sql, I see that it is trying to update the current view snapshot entries. Going through the requirements for Rapidclone on 12.2, I saw that running a full maintin current view snapshow was required.

So on the sourcenode, I ran adadmin and updated the current view snapshot. It takes about 1 hours. After this, remove the entry for the new appltop frmo ad_appl_top and re-run adaddnode.pl

perl adaddnode.pl -appsuser=apps -appspass=apps

Test for CVE-2015-0204 | SSL Freak Attack

The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered. When a vulnerable browser connects to a server that supports RSA_EXPORT cipher suites, the browser can be forced to use a 512-bit RSA key. This can happen if the client is using a version of OpenSSL susceptible to CVE-2015-0204 or another library with a similar bug.

Websites that support RSA export cipher suites (e.g., TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) are at risk to having HTTPS connections intercepted

How to TEST WebSite:
1. Install OPENSS (I’ve always used this
2. Open a cmd.exe and navigate to \openssl\bin\
3. Run openssl s_client -connect : -cipher EXPORT

If the website does not support RSA Export chipper suites, then your handshake will fail and you will get back to command prompt.

If the site does support RSA Export chippers, you will successfully complete the handshake and then command prompt will wait on a blank prompt

How to test clients (browser):
Open browser, go to https://cve.freakattack.com/
If this sites loads and shows something like below, this browser is vulnerable.

Fixes:

Apple is working on a fix.
OpenSSL has a fix, released in January ’15.

RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
==============================================================

Severity: Low

An OpenSSL client will accept the use of an RSA temporary key in a non-export
RSA key exchange ciphersuite. A server could present a weak temporary key
and downgrade the security of the session.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.

Reference:
Reference 1
Reference 2
Reference 3
Reference 4

GATHER AUTO vs GATHER STALE in Oracle 11.2

When using DBMS_STATS to gather statistics, we need a method to choose which objects to gather statistics for. This is done by the parameter “OPTIONS”. The possible values for this parameter are

  • GATHER
  • GATHER AUTO
  • GATHER STALE
  • GATHER EMPTY
  • LIST AUTO
  • LIST EMPTY
  • LIST STALE

Of the above, GATHER AUTO & GATHER STALE confuse many – let’s see what’s the main difference between the two.

GATHER STALE: Oracle gathers statistics on stale objects as determined by looking at the *_tab_modifications views. The estimate percent & degree have to be provided by the user.

GATHER AUTO : Oracle decides which objects to gather fresh statistics for and also decides how to get them. Oracle determines the estimate percent to be used. The parallelism used is based on the init.ora setting. This also used *_TAB_MODIFICATIONS to decide on the eligible candidates.

FootNote:

In 12c, Oracle has done away with most of these and provides only GATHER and GATHER AUTO

Reference:

https://docs.oracle.com/database/121/ARPLS/toc.htm

http://docs.oracle.com/cd/B28359_01/appdev.111/b28419/d_stats.htm#CIHBIEII

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: