Oracle Security Alert for CVE-2012-3132 - BETA ORACLE CVRF Oracle Security Alert CVE-2012-3132 Final 1.0 1.0 2012-08-10T13:00:00-07:00 Initial Distribution 2012-08-10T13:00:00-07:00 2012-08-10T13:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document. This document is published at: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1721030.xml http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html URL to html version of Advisory Oracle Database Version 10.2.0.3 Oracle Database Version 10.2.0.4 Oracle Database Version 10.2.0.5 Oracle Database Version 11.1.0.7 Oracle Database Version 11.2.0.2 Oracle Database Version 11.2.0.3 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session, create table privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS. Note: 11.2.0.2 and 11.2.0.3 do not require patching if the July 2012 Critical Patch Update has been applied. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:P+). Fix has been released CVE-2012-3132 P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-10.2.0.5 P-5V-11.1.0.7 P-5V-11.2.0.2 P-5V-11.2.0.3 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P CVE-2012-3132 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-10.2.0.5 P-5V-11.1.0.7 P-5V-11.2.0.2 P-5V-11.2.0.3