Alert: Critical Oracle Database Server Vulnerability

US-CERT released a security alert on August 13th addressing a serious vulnerability in Oracle Database for both Windows and Unix/Linux. This is the second patch relating to CVE-2018-3110, so even if you heard about the Oracle patch in July, double-check your version! A new patch was released on August 10th for Windows for database versions 11.2.0.4 and 12.2.0.1.

Here’s the version breakdown:

  • Windows:
    • Version 12.1.0.2 is vulnerable and can be fixed with the July 2018 critical patch update.
    • Versions 11.2.0.4 and 12.2.0.1 are vulnerable and can be fixed with the new August 10th patch.
  • Unix/Linux:
    • According to Oracle, all versions for Linux are vulnerable and can be fixed with the July 2018 critical patch update.

The exploit allows total control of, and shell-level access to, the vulnerable database with little effort. A low-privilege user account appears to be required to perform the attack, but remember that such accounts are more likely to be compromised in the first place. The CVE has a score of 9.9/10, and the vulnerability should be patched as soon as possible.

The original security alert released by Oracle with links to patch information can be found here: http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html

Stay cyber-safe,

SecuLore Support Team
 
  

SecuLore Solutions is a Public Safety company focused on cybersecurity - if you have concerns about your network, please contact us at info@SecuLore.com or visit us at www.SecuLore.com
