One of our ISC readers, Dave, sent us a note that Oracle released a security note for CVE-2012-3132, the Privilege Escalation vulnerability in the Oracle Database Server initially discussed during Black Hat 2012. I recommend carefully reading the wording of this notification because there are Oracle products that contain the Oracle Database Server as a component of the overall suite, such as Oracle Enterprise Manager. One comment that Dave and both had is that Oracle found it necessary to highlight what didn't need to be patched, in bold comments near the top of the article. Our thought was that this could be misleading or misunderstood, and confusion is never a good thing.
tony d0t carothers --gmail
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.