Details

Unsupported software versions are not patched by vendors to address newly discovered security versions. An unpatched version is vulnerable to attack.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Upgrade to a supported Oracle version. Purchase an Oracle Extended Support Contract where required.

See http://www.oracle.com/technology/support/patches.htm for a definitive list of version patch sets for Oracle DBMS software.

See http://www.oracle.com/support/library/brochure/lifetime-support-technology.pdf for Oracle support policies and timelines.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Unix.

References

• 800-53|SI-2c.
• CAT|I
• Rule-ID|SV-24339r2_rule
• STIG-ID|DG0001-ORACLE11
• Vuln-ID|V-5658

Source

• Tenable.com/audits