Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Oracle Security Alert for CVE-2012-3132 - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Oracle Security Alert for CVE-2012-3132

One of our ISC readers, Dave, sent us a note that Oracle released a security note for CVE-2012-3132, the Privilege Escalation vulnerability in the Oracle Database Server initially discussed during Black Hat 2012.   I recommend carefully reading the wording of this notification because there are Oracle products that contain the Oracle Database Server as a component of the overall suite, such as Oracle Enterprise Manager.  One comment that Dave and both had is that Oracle found it necessary to highlight what didn't need to be patched, in bold comments near the top of the article.  Our thought was that this could be misleading or misunderstood, and confusion is never a good thing.

tony d0t carothers --gmail

Tony

150 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!