According to heise Security News there exists an Oracle bug which allows malicious listeners:
I have searched OSS and SDN, but so far it seems there is no recommendation from SAP.
Should we set proactively dynamic_registration = off in the listener.ora (for non-clustered systems)?
Or should we wait until Oracle releases a bugfix and keep fingers crossed?
Regards,
Mark