You can configure Oracle
12c or
11g with CPU Oct 2012 or later as a back-end database with the
ALLOWED_LOGON_VERSION=12 flag. Because of an Oracle authentication vulnerability described in CVE-2012-3137, Oracle recommends that you use
ALLOWED_LOGON_VERSION=12 to mitigate the vulnerability. See MyOracle Support note 1492721.1 for details.
DVM uses Oracle driver version
10g to provide full support from Oracle 8i and later for DVM scanning. Oracle provides backward compatibility for two versions for any driver. For example, the Oracle
10g driver supports Oracle 8i and later, but the Oracle
11g driver supports only Oracle 9i and later.
If you want to use Oracle with the
ALLOWED_LOGON_VERSION=12 flag, replace the Oracle driver used by DAM with the version from Oracle
11g. If you update the driver, DVM doesn't connect to Oracle 8i, but can connect to Oracle 9i and later.
IMPORTANT: Oracle driver replacement is supported only in DVM versions 4.7 and later. An indicator of this issue is the following error in the server logs or on the console:
ORA-28040: No matching authentication protocol.
Configure Oracle as a back-end database
NOTE: Implement only one of the following two options:
- Set the ALLOWED_LOGON_VERSION parameter to a value of 10 or lower.
- Replace the Oracle driver with a later revision.
To replace the Oracle driver used by the DVM standalone version, do the following:
NOTE: The following procedure affects the import from the TNS file feature, which might not be available after the change.
- Download the driver:
- If you're connecting to Oracle 12cR1 (12.1), download the Oracle 11g JDBC driver file ojdbc6.jar from Oracle Database Technologies.
- If you're connecting to Oracle 12cR2 (12.2) or later, download the Oracle 12cR2 JDBC driver file ojdbc8.jar from the Oracle Downloads page.
- Click Start, Run, type explorer, and click OK.
- Navigate to <server_installation_dir>\webapps\ROOT\WEB-INF\lib\
- Copy the file ojdbc6.jar or ojdbc8.jar into this folder. For example: C:\Program Files (x86)\McAfee\McAfee Database Security\webapps\ROOT\WEB-INF\lib\.
- Click Start, Run, type services.msc in the dialog box, and click OK.
- Right-click the Database Security Server service and click Stop.
- Rename the ojdbc14.jar file to ojdbc14.jar.old in <server_installation_dir>\webapps\ROOT\WEB-INF\lib\.
- Right-click the Database Security Server service and click Start.
IMPORTANT: When you upgrade the Database Security Server, you must repeat this procedure. The Database Security Installer copies
ojdbc14.jar to the
lib directory and might remove the later file.