One of our ISC readers, Dave, sent us a note that Oracle released a security note for CVE-2012-3132, the Privilege Escalation vulnerability in the Oracle Database Server initially discussed during Black Hat 2012. I recommend carefully reading the wording of this notification because there are Oracle products that contain the Oracle Database Server as a component of the overall suite, such as Oracle Enterprise Manager. One comment that Dave and both had is that Oracle found it necessary to highlight what didn't need to be patched, in bold comments near the top of the article. Our thought was that this could be misleading or misunderstood, and confusion is never a good thing. |
Tony 150 Posts ISC Handler Aug 12th 2012 |
Thread locked Subscribe |
Aug 12th 2012 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!