We are running 9.2.0.6 with the following patches: 4161400 4193295 4017526 4141415 4161315 4049345 4199440
This list comes from the oracle Opatch lsinventory command. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nicolas Pouvesle Sent: Friday, June 10, 2005 4:52 AM To: [email protected] Subject: Re: apr cpu for oracle showing up in scans On Jun 9, 2005, at 1:25 PM, Jones, Lisa (N-Spalding Consulting) wrote: > Ok, we previously had a problem with the alert68 showing up in our > scans, even though we patched for it, and it turned out to be that > we had plugin 1.8. We downloaded 1.9, which corrected the > alert....now we have patched for the Oracle AprCPU2005, and ran the > scans, and we are now receiving the following: > According to its version number, the installation of Oracle on the > remote > host is reportedly subject to multiple unspecified vulnerabilities. > Some vulnerabilities don't require authentication. It may allow an > attacker > to craft SQL queries such that they would be able to retrieve any > file on > the system and potentially retrieve and/or modify confidential data > on the > target's Oracle server. > > Solution : <http://www.oracle.com/technology/deploy/security/pdf/ > cpuapr2005.pdf> > Risk Factor : High > BID : 13145, 13144, 13139, 13238, 13236, 13235, 13234, 13239 > > We have already applied this patch....do we need another download? > We supposedly fixed the firewall problem that was preventing the > plugins from being downloaded. Could you give us your Oracle version with this patch applied ? It should be in the Nessus report. Thanks, Nicolas _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
