Another day, another vulnerability that needs to be patched as soon as possible. Oracle has informed of a security flaw that affects Oracle Database versions 11.2.0.4 and 12.2.0.1 running on Windows.
Technical Details about CVE-2018-3110
The vulnerability, which has been assigned the identifier CVE-2018-3110, is trivial to exploit, but only by a remote, authenticated attacker. It does not require user interaction.
A successful exploit may result in complete compromise of the Oracle Database and shell access to the underlying server. CVE-2018-3110 also affects Oracle Database version 12.1.0.2 on Windows as well as Oracle Database on Linux and Unix, however patches for those versions and platforms were included in the July 2018 CPU, the company noted in the underlying advisory.
The CVE-2018-3110 vulnerability resides in the Java Virtual Machine component of Oracle Database Server. If exploited, it would allow an attacker who holds the Create Session privilege and has network access via Oracle Net to compromise the component.
How to Apply Patches for CVE-2018-3110
As explained by Oracle, “CVE-2018-3110 also affects Oracle Database version 12.1.0.2 on Windows as well as Oracle Database on Linux and Unix, however patches for those versions and platforms were included in the July 2018 CPU”.
In addition, customers running Oracle Database versions 11.2.0.4 and 12.2.0.1 on Windows should apply the patches provided by the Security Alert. As for customers running version 12.1.0.2 on Windows or any version of the database on Linux or Unix, they should apply the July 2018 Critical Patch Update.
It should be noted that the patch is not applicable to client-only installations, that is, installations that do not have the Oracle Database Server installed. The company also advises that the vulnerability should be mitigated “without delay”. It is not yet known whether the vulnerability is being exploited in the wild.
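Before deciding which of the two fixes applies, an administrator needs to know each instance's version and platform, whether the Java Virtual Machine component is actually installed, which accounts satisfy the Create Session precondition, and which patches are already recorded. The following SQL*Plus triage script is an added example written for this article; it is not part of the Oracle advisory or the original text. It assumes a DBA connection to a 12.1 or later database (DBA_REGISTRY_SQLPATCH does not exist on 11.2.0.4, where DBA_REGISTRY_HISTORY would be consulted instead), and the advisory's actual patch numbers, which the article does not give, must be compared against the output by hand.

```sql
-- Added triage script (not from the advisory or the article). Run as a DBA
-- with SQL*Plus against each Oracle Database instance to decide whether the
-- CVE-2018-3110 Security Alert patch or the July 2018 CPU is the right fix.
-- Assumes Oracle Database 12.1 or later; patch IDs are not hard-coded because
-- the article does not state them. Take them from the Oracle advisory.

SET LINESIZE 200 PAGESIZE 100

-- 1. Version and platform. The article ties the fix to the version/OS pair:
--    11.2.0.4 or 12.2.0.1 on Windows -> Security Alert patch;
--    12.1.0.2 on Windows, or any version on Linux/Unix -> July 2018 CPU.
--    DBMS_UTILITY.PORT_STRING returns a platform string such as
--    'IBMPC/WIN_NT64-9.1.0' on Windows or 'x86_64/Linux 2.4.xx' on Linux.
SELECT version, host_name, dbms_utility.port_string AS platform
  FROM v$instance;

-- 2. Is the affected component present? If no JAVAVM row exists (for example
--    a database created without the Java option, or a client-only install),
--    the component named in the advisory is not installed on this system.
SELECT comp_id, comp_name, version, status
  FROM dba_registry
 WHERE comp_id = 'JAVAVM';

-- 3. Accounts that meet the advisory's precondition: every user holding
--    CREATE SESSION directly, plus users holding it through a role
--    (one level of role nesting; deeper chains would need a recursive query).
SELECT u.username AS grantee, 'DIRECT' AS via
  FROM dba_sys_privs sp
  JOIN dba_users u ON u.username = sp.grantee
 WHERE sp.privilege = 'CREATE SESSION'
UNION ALL
SELECT rp.grantee, 'ROLE ' || rp.granted_role
  FROM dba_role_privs rp
  JOIN dba_sys_privs sp ON sp.grantee = rp.granted_role
  JOIN dba_users u ON u.username = rp.grantee
 WHERE sp.privilege = 'CREATE SESSION'
 ORDER BY 1, 2;

-- 4. Patch inventory recorded inside the database (datapatch history).
--    Compare the PATCH_ID values against those listed in the advisory; a row
--    with STATUS = 'SUCCESS' for the relevant patch means it has been applied.
SELECT patch_id, action, status, action_time, description
  FROM dba_registry_sqlpatch
 ORDER BY action_time DESC;
```

Step 3 is the list worth reviewing beyond the patch itself: because the flaw needs only Create Session plus Oracle Net reachability, every account it returns is a potential path to the component until the fix is in place, so locked or unused accounts in that output are candidates for removal regardless of patch status.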
In April 2017, the software company released a security advisory that documented a staggering 299 security flaws across most of its products, including Oracle Database Server, Fusion Middleware, Enterprise Manager Base Platform, PeopleSoft Enterprise and Java. The flaws in these products could be exploited remotely via HTTP, which could lead to the complete hijacking of the vulnerable systems.