Checking for the presence or risk of a numeric overflow defect in Symantec Data Loss Prevention
Last Updated September 19, 2016
There is an issue in which several database tables can encounter numeric overflow issues.
DLP versions for which this Technical Note applies: all versions DLP versions at high risk of exhibiting the defect: 12.0, 12.0.1, 12.5, 12.5.1 DLP versions that include fixes for this problem: Versions 12.5.2, 12.5.3, 14.0, and 14.0.1, include progressive fixes for the issue. Versions 14.0.2 and 14.5 provide a complete fix for the issue. Typical context: Large-scale systems with a high volume of DLP activity. Small-scale systems with specific usage patterns may experience the issue as well.
The steps described below are non-intrusive, do not necessitate system downtime and can be repeated at any time or on a regular basis.
Procedure: on your DLP Enforce Oracle database, as PROTECT user, execute the following SQL query that will return the top 10 consumers of numeric IDs with their respective percentage capacity utilization:
1. Log into SQLPlus as PROTECT user and run the following script:
select * from (select round(LAST_NUMBER / DECODE(S.MAX_VALUE, 9999999999999999999999999999, 2147483647, S.MAX_VALUE) * 100.0, 4) as PCT_UTILIZATION, S.SEQUENCE_NAME, S.INCREMENT_BY, S.LAST_NUMBER from USER_SEQUENCES S order by PCT_UTILIZATION desc) where ROWNUM <= 10;
2. Interpret the results:
• The first column “PCT_UTILIZATION” displays the current capacity utilization of the DLP system ID (identification number) whose name is displayed on column #2 (SEQUENCE_NAME). This number should be low and as far away as possible from the 100% limit. • If your DLP version is earlier than 12.5.2 and the top number(s) are getting close to 100% (in the 60% to 80% range for example), your DLP system is at risk of hitting the numeric overflow defect within a short timeframe if not upgraded to a version that contains the fix. Versions 14.0.2 and 14.5 provide a complete fix to the problem. • If your DLP version is 12.5.2 or later and the top number(s) are elevated (higher than 20%), this is unexpected. Although there is no risk to your system at this level, please contact Symantec technical support and report the issue for further analysis. • If the top number(s) are above 100%, your DLP system is already affected by the problem and you should contact Symantec technical support immediately (whether you have already observed failure symptoms or not yet).
Referenced in the 12.5.2 Release Notes PDF as:
3579710 Several database tables encountered numeric overflow issues.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe