Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-5658 | DG0001-ORACLE11 | SV-24339r1_rule | VIVM-1 | High |
Description |
---|
Unsupported software versions are not patched by vendors to address newly discovered security versions. An unpatched version is vulnerable to attack. |
STIG | Date |
---|---|
Oracle 11 Database Installation STIG | 2014-01-14 |
Check Text ( C-28293r1_chk ) |
---|
From SQL*Plus: select banner from v$version where banner like 'Oracle%'; Currently supported Oracle 11g versions as of 10/2009 are: 11.1 - Premier Support for 11.1 ends 31 Aug 2012 Extended Support for 11.1 available after 31 Aug 2012 Sustaining Support for 11.1 available after 31 Aug 2015 11.2 - Premier Support for 11.2 ends 31 Jan 2015 Extended Support for 11.2 ends 31 Jan 2018 Sustaining Support for 11.1 available after 31 Jan 2018 If the Oracle version is not in the list above or is not supported with a purchased extended support contract, this is a Finding. Note: Sustaining Support does not include security updates. Any product in Sustaining Support is a Finding. A patchset is an 'amended code set', consisting of a number of bug fixes, which is subjected to a rigorous QA and certification process. Oracle patch sets update the Oracle version number (e.g. 10.2.0.3 to 10.2.0.4) and are usually bundled together to support a product family (for example, Oracle DBMS includes Enterprise, Standard, Personal and Client Editions). Currently supported patched versions as of 6/2010 are: 11.2.0.1.0 (Select Platforms) 11.1.0.7.0 If the Oracle patchset level is less than that listed above, this is a Finding. |
Fix Text (F-22570r1_fix) |
---|
Upgrade to a supported Oracle version. Purchase an Oracle Extended Support Contract where required. See http://www.oracle.com/technology/support/patches.htm for a definitive list of version patch sets for Oracle DBMS software. See http://www.oracle.com/support/library/brochure/lifetime-support-technology.pdf for Oracle support policies and timelines. |