Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Update for CVE-2012-3132 - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Update for CVE-2012-3132

In July of this year Oracle sent a vulnerability notification to it's users for the Oracle Security Alert CVE-2012-3132.  At the time of the publication of the security bulletin it was noted that this exploit was not remotely exploitable.  The remote capabilities, or lack thereof, in this vulnerability was called into question, with a very interesting write up on the Kaspersky Labs Security News Service.  Many organizations I have worked with would initially deem this a very low risk, due to the lack of remote capabilities, so it may be time for a reassessment of the risk.

I am not on the Oracle Security newsfeeds, so if anybody has a notification from Oracle that they are permitted to share, we would love to help get the word out.


tony d0t carothers - gmail


150 Posts
ISC Handler
Sep 23rd 2012
These are two separate vulnerabilities, right?

CVE-2012-3132 is a privilege escalation from an account with certain limited abilities with respect to CTXSYS.CONTEXT.

The new one posted on the Kaspersky blog, if I understand it correctly, involves the ability of and unauthenticated attacker to gather enough information to do off-line password cracking, without having to even sniff a successful logon by someone who does have a valid password.

That latter point is important - it's apparently been known since 2007 that sniffing a single successful authentication already provided enough data for offline cracking (

Sign Up for Free or Log In to start participating in the conversation!