Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Handlers Diary Blog - Oracle Security Alert for CVE-2012-3132 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Oracle Security Alert for CVE-2012-3132

Published: 2012-08-12
Last Updated: 2012-08-12 15:56:01 UTC
by Tony Carothers (Version: 1)
0 comment(s)

One of our ISC readers, Dave, sent us a note that Oracle released a security note for CVE-2012-3132, the Privilege Escalation vulnerability in the Oracle Database Server initially discussed during Black Hat 2012.   I recommend carefully reading the wording of this notification because there are Oracle products that contain the Oracle Database Server as a component of the overall suite, such as Oracle Enterprise Manager.  One comment that Dave and both had is that Oracle found it necessary to highlight what didn't need to be patched, in bold comments near the top of the article.  Our thought was that this could be misleading or misunderstood, and confusion is never a good thing.

tony d0t carothers --gmail

0 comment(s)
Diary Archives