In my previous blog, I tried to explain why the fundamental Oracle flaw is dangerous. On the other hand, in my tests I couldn’t find a way to pass a higher SCN to a target DB to crash it. Since then, I’m trying to verify that this flaw can be can exploited. Here’s a short video of one of my tests:

Read More

InfoWorld magazine published an detailed article regarding Oracle Database security flaw yesterday. InfoWorld says Oracle requested them to hold the story until they release a patch for the flaw. The flaw is related with System Change Number (SCN). If SCN is increased beyond the current maximum value (SCN Headroom or Maximum Reasonable SCN), database gives ORA-600 errors and crashes.

As we know, the System Change Number (SCN) is a number that increments sequentially with every database commit (inserts, updates, and deletes), and usually it’s not possible to reach the maximum value. The biggest problem is the SCN is also incremented through linked database interactions.

As I see, most Oracle experts do not realize the importance of this security threat. Some people even say that the Oracle SCN issue is a storm in a teacup. I think they miss that it’s possible to increase the SCN intentionally and use database links to exploit the bug. So let’s create a storm in a teacup I should remind you that I will not take any responsibility if you mess up your databases. Just read the blog, do not test it on your systems.

Read More

A long title for a short trick. I have uninstalled my cloud control agent and tried to re-install it. I gave the same directory I previously used to install and EM Cloud Control Agent Deploy Wizard gave an error at remote prerequisite check:

So it says I should deploy to a different directory or uninstall the Agent Oracle Home already registered. Because of our deployment standards, I need to deploy this agent to the same directory so I searched how I can uninstall the Agent Oracle Home.

Read More

The idea of creating an Exadata simulator arose at Oracle Day 2011 Istanbul. One of my friends was trying to fix a virtual machine in a hurry (right before his presentation), he said his “fake Exadata” crashed. He was just joking but I wondered if it’s possible to build an Exadata Simulator using virtual Box (or any other visualization). I googled and found nothing useful but I started to work on it.

An important point is, simulating Exadata does not mean simulating all features of Exadata Database Machine. The key features of Exadata Database Machine are infiniband connections and Exadata Storage Servers (the offloading capabilities and Flash Cache). It’s obvious that we do not need to simulate infiniband. All we need is to simulate “Exadata Storage Servers”.

Smart scanning, storage indexes, hybrid columnar compression, I/O resource manager, smart flash cache are all handled by the Exadata Storage Server “Software”. Although it’s called Oracle Exadata Database “Machine”, its heart is the Exadata Storage Server “Software”. You may say that all hardware needs software but the Exadata software is not an embedded one, it’s just an application running on Oracle Linux 5.x 64bit.

I found a way to download the Exadata Storage Server Software. It took about 3 days to install it to a virtual box, and 1 week to solve the problem about mapping physical “disks” to cell disks. By the way, I haven’t modified any executable file nor script. So it was a clean installation. Then I created an ASM disk group using my “fake” Exadata Storage, and started to test the features of Exadata Storage Server.

Read More

I’m going to upgrade one of our main databases with DBUA (Database Upgrade Assistant), and I take some notes to provide a smooth upgrade. Upgrading your database with DBUA seems a very easy and automated task but there are three important points you should consider when updating:

• Downtime: You would probably like to keep downtime to a minimum
• Errors while upgrading: It’s not possible to re-run DBUA if an error is encountered mid-upgrade!
• Performance Degradations: Most of the upgrade problems appear as performance degradations after the upgrade operation completed

So you need to carefully evaluate, plan, configure, test and implement the upgrade.

PLAN: First of all, I recommend you to visit the upgrade guides and plan all steps of the upgrade process:

Upgrade Advisor: Database from 9.2 to 11.2 [ID 264.1]
Upgrade Advisor: Database from 10.2 to 11.2 [ID 251.1]

RTFM: Although everyone says the same, we all intend to pass this step. Read the manuals before it’s too late

http://docs.oracle.com/cd/E11882_01/server.112/e23633/toc.htm

Very important and useful documents:

Oracle 11gR1 Upgrade Companion [ID 601807.1]
Oracle 11gR2 Upgrade Companion [ID 785351.1]

Use Internet Explorer to read upgrade companion documents (because they are interactive and requires IE) and don’t forget to check “behavior changes”!

Read More