Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_RDBMS_CPU_JAN_2013.NASL
HistoryJan 18, 2013 - 12:00 a.m.

Oracle Database Multiple Vulnerabilities (January 2013 CPU)

2013-01-1800:00:00
This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.5%

JSON

The remote Oracle database server is missing the January 2013 Critical Patch Update (CPU) and is, therefore, potentially affected by security issues in the following components :

  • Oracle Spatial

  • Enterprise Manager Base Platform

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(63623);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2012-3219",
    "CVE-2012-3220",
    "CVE-2012-5062",
    "CVE-2013-0352",
    "CVE-2013-0353",
    "CVE-2013-0354",
    "CVE-2013-0355",
    "CVE-2013-0358",
    "CVE-2013-0372",
    "CVE-2013-0373",
    "CVE-2013-0374"
  );
  script_bugtraq_id(
    57336,
    57349,
    57354,
    57361,
    57365,
    57368,
    57370,
    57372,
    57373,
    57378,
    57382
  );

  script_name(english:"Oracle Database Multiple Vulnerabilities (January 2013 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle database server is missing the January 2013 Critical
Patch Update (CPU) and is, therefore, potentially affected by security
issues in the following components :

  - Oracle Spatial

  - Enterprise Manager Base Platform");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525775/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525776/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525779/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525782/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525783/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525784/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525786/30/0/threaded");
  # http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b56cce0c");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2013 Oracle
Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3220");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/18");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include("oracle_rdbms_cpu_func.inc");

################################################################################
# JAN2013
patches = make_nested_array();

# RDBMS 11.1.0.7
patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.14", "CPU", "14841452, 14739378");
patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.51", "CPU", "15848066");
patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.51", "CPU", "15848067");
# RDBMS 11.2.0.2
patches["11.2.0.2"]["db"]["nix"] = make_array("patch_level", "11.2.0.2.9", "CPU", "14841437, 14727315");
patches["11.2.0.2"]["db"]["win32"] = make_array("patch_level", "11.2.0.2.23", "CPU", "16100398");
patches["11.2.0.2"]["db"]["win64"] = make_array("patch_level", "11.2.0.2.23", "CPU", "16100399");
# RDBMS 11.2.0.3
patches["11.2.0.3"]["db"]["nix"] = make_array("patch_level", "11.2.0.3.5", "CPU", "14841409, 14727310");
patches["11.2.0.3"]["db"]["win32"] = make_array("patch_level", "11.2.0.3.15", "CPU", "16042647");
patches["11.2.0.3"]["db"]["win64"] = make_array("patch_level", "11.2.0.3.15", "CPU", "16042648");
# RDBMS 10.2.0.5
patches["10.2.0.5"]["db"]["nix"] = make_array("patch_level", "10.2.0.5.10", "CPU", "14841459, 14727319");
patches["10.2.0.5"]["db"]["win32"] = make_array("patch_level", "10.2.0.5.20", "CPU", "15848060");
patches["10.2.0.5"]["db"]["win64"] = make_array("patch_level", "10.2.0.5.20", "CPU", "15848062");
# RDBMS 10.2.0.4
patches["10.2.0.4"]["db"]["nix"] = make_array("patch_level", "10.2.0.4.15", "CPU", "14841471, 14736542");

check_oracle_database(patches:patches, high_risk:TRUE);
VendorProductVersionCPE
oracledatabase_servercpe:/a:oracle:database_server

References

Related

securityvulns 11
cve 11
prion 11
nvd 11
cvelist 11
threatpost 1
oracle 1
securityvulns
securityvulns
TeamSHATTER Security Advisory: Oracle EM Segment Advisor Arbitrary URL redirection/phishing (CVE-2012-3219)
2013-02-24 00:00:00
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (advReplicationAdmin) (CVE-2013-0372)
2013-02-24 00:00:00
TeamSHATTER Security Advisory: Oracle Database GeoRaster API overflow (CVE-2012-3220)
2013-02-24 00:00:00
cve
cve
CVE-2012-3220
2013-01-17 01:55:03
CVE-2013-0372
2013-01-17 01:55:04
CVE-2012-3219
2013-01-17 01:55:02
prion
prion
Design/Logic Flaw
2013-01-17 01:55:00
Design/Logic Flaw
2013-01-17 01:55:00
Code injection
2013-01-17 01:55:00
nvd
nvd
CVE-2012-3220
2013-01-17 01:55:03
CVE-2012-3219
2013-01-17 01:55:02
CVE-2012-5062
2013-01-17 01:55:03
cvelist
cvelist
CVE-2012-3220
2013-01-17 01:30:00
CVE-2012-3219
2013-01-17 01:30:00
CVE-2012-5062
2013-01-17 01:30:00
threatpost
threatpost
Oracle Releases 86 Patches in its January Critical Patch Update
2013-01-16 14:25:53
oracle
oracle
Oracle Critical Patch Update - January 2013
2013-01-15 00:00:00

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.5%

JSON
Related for ORACLE_RDBMS_CPU_JAN_2013.NASL
securityvulns11cve11prion11nvd11cvelist11threatpost1oracle1