Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC Internet Storm Center



Oracle Critical Patch Update for April 2014

Published: 2014-04-16
Last Updated: 2014-04-16 13:07:05 UTC
by Johannes Ullrich (Version: 1)

Oracle released its quarterly Critical Patch Update (CPU) yesterday [1]. As usual, the number of patches is quite intimidating, but remember that these 104 fixes apply across the entire Oracle product range.

Some of the highlights:

CVE-2014-2406: A bug in Oracle's Database which allows a remotely authenticated user to gain control over the database.

37 new patches for Java SE, 35 of which allow remote execution as the user running the Java applet (according to Oracle: "The CVSS scores below assume that a user running a Java applet or Java Web Start application has administrator privileges (typical on Windows)").

4 of the Java vulnerabilities have a base CVSS score of 10, indicating not only full remote code execution but also easy exploitability.

[1] http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: oracle patch