
Vulnerability scanner reports vulnerabilities that the latest Oracle CPU should have addressed

Article ID: 164037

Products

Symantec Products

Issue/Introduction

You have completed a successful installation of a recent Oracle Critical Patch Update (CPU), which is a cumulative security patch issued by Oracle for its database.

Yet, when running a vulnerability scan (such as Nessus, Nmap, etc.) against the server, a number of vulnerabilities are reported that should have been addressed by the most recent CPU applied.

The remote Oracle database server is missing the October 2014 Critical Patch Update (CPU). It is, therefore, affected by security issues
in the following components

Environment

For example, the latest Oracle CPU (October 2016) on Oracle 11.2.0.4.

Cause

The latest CPUs for Oracle 11.2.0.4 do not appear to be correctly updating the Oracle Patch History table in the database.

Resolution

Use Oracle's OPatch utility, which returns the details of the patches applied.

Details on commands and parameters: https://docs.oracle.com/cd/B16240_01/doc/em.102/e15294/options.htm

 

opatch lsinventory -bugs_fixed

 

C:\oracle\product\11.2.0.3\db_1\OPatch>opatch lsinventory -bugs_fixed

Oracle Interim Patch Installer version 11.2.0.1.9
Copyright (c) 2011, Oracle Corporation.  All rights reserved.


Oracle Home       : C:\oracle\product\11.2.0.3\db_1
Central Inventory : C:\Program Files\Oracle\Inventory
   from           : n/a
OPatch version    : 11.2.0.1.9
OUI version       : 11.2.0.3.0
Log file location : C:\oracle\product\11.2.0.3\db_1\cfgtoollogs\opatch\opatch2016-12-07_05-47-58AM.log

Lsinventory Output file location : C:\oracle\product\11.2.0.3\db_1\cfgtoollogs\opatch\lsinv\lsinventory2016

------------------------------------------------------------------------------------------------------
Installed Top-level Products (1):

Oracle Database 11g                                                  11.2.0.3.0
There are 1 products installed in this Oracle Home.


List of Bugs fixed by Installed Patches:

Bug        Fixed by  Installed at                   Description
            Patch
---        --------  ------------                   -----------

3522216    13885389  Thu Aug 02 21:35:07 PKT 2012   WRONG PREDICATE DISPLAYING BY UTLXPLS.SQL
8631856    13885389  Thu Aug 02 21:35:07 PKT 2012   XF11.2EVXDB - TRC - QCSPREVFRO
9659614    13885389  Thu Aug 02 21:35:07 PKT 2012   HUGE ORA-8103 TRACE FILES GENERATED AFTER PATCH
                                                    7519406 APPLIED
9703627    13885389  Thu Aug 02 21:35:07 PKT 2012   11.2.0.2 ROOT USE OF A1SMCMD PLACES ALERT.LOG IN
                                                    USER DIRECTORY
10215977   13885389  Thu Aug 02 21:35:07 PKT 2012   DBMV2-BIGBH ORA-600[KCCBCK_BDI] WHEN BACKUP
                                                    CONTROLFILE CONCURRENTLY
10350832   13885389  Thu Aug 02 21:35:07 PKT 2012   FINISH_REDEF_TABLE HAS SLIM CHANGE IN GETTING X
                                                    DML LOCK
10357727   13885389  Thu Aug 02 21:35:07 PKT 2012   LINQEF ORA932 ERROR FOR STRING.EQUAL IF EMPTY
                                                    STRING VARIABLE IS INVOLVED
11063191   13885389  Thu Aug 02 21:35:07 PKT 2012   ORA-4031 WITH HINT CURSOR_SHARING_EXACT EXCESSIVE
                                                    KKSSP NN MEMORY
11665727   13885389  Thu Aug 02 21:35:07 PKT 2012   LSX-00249 ON SCHEMAVALIDATE() WITH NLS_NUMERIC_CHA
                                                    RACTERS=',.'
11772838   13885389  Thu Aug 02 21:35:07 PKT 2012   DB AGENT OVERWRITE POLICY ON LOCAL_LISTENER
11840910   13885389  Thu Aug 02 21:35:07 PKT 2012   ORA-604 DURING STARTUP WITH SYSOPER
11846902   13885389  Thu Aug 02 21:35:07 PKT 2012   MISSING ENTRIES FROM RAC REDO LOG DURING ADHOC
                                                    LOGMINER SESSION
11865420   13885389  Thu Aug 02 21:35:07 PKT 2012   INSERT SELECT WITH ERROR LOGGING IS SLOW, KDT
                                                    BUFFERING IS DISABLED
11877623   13885389  Thu Aug 02 21:35:07 PKT 2012   ORA-600 [17273]
11883969   13885389  Thu Aug 02 21:35:07 PKT 2012   DEFAULT TABLESPACE FOR STRUCTURED XML INDEX TABLE
12349553   13885389  Thu Aug 02 21:35:07 PKT 2012   VIP ON FORMER PRIMARY NIC CAN NOT BE CLEARD WHEN

 

<...snip...>


13652493   13885389  Thu Aug 02 21:35:07 PKT 2012   EF INCORRECT PL/SQL ANONYMOUS BLOCK IS GENERATED
                                                    FOR UPDATE
13683125   13885389  Thu Aug 02 21:35:07 PKT 2012   ASSOCIATE BUG WITH SHORWITZ_BUG-11822454
13709220   13885389  Thu Aug 02 21:35:07 PKT 2012   ORA-10663 WHEN SHRINKING A MASTER TABLE OF AN
                                                    MVIEW WITH PRIMARY KEY
13718476   13885389  Thu Aug 02 21:35:07 PKT 2012   IGNORE PRED BAST TO EXCLUSIVE LOCK
13724992   13885389  Thu Aug 02 21:35:07 PKT 2012   EF ENTITY NOT UPDATED AFTER SAVECHANGES USING STOR
                                                    EGENERATEDPATTERN
13767921   13885389  Thu Aug 02 21:35:07 PKT 2012   ORA-1426 DURING DBMS_REDEFINITION.START_REDEF_TABL
                                                    E
13787482   13885389  Thu Aug 02 21:35:07 PKT 2012   PDIT GSI11G CDC PURGE ROUTINE INVALIDATING CUSTOM
                                                    INDEXES
13791443   13885389  Thu Aug 02 21:35:07 PKT 2012   RUP2ST3 STARTER GLOBAL SEARCH DISPLAYS ERROR
13807411   13885389  Thu Aug 02 21:35:07 PKT 2012   SOA ORA-600 [KCBCHG1_38]
13873471   13885389  Thu Aug 02 21:35:07 PKT 2012   CTX_DDL.INSERT_MVDATA_VALUES PERFORMANCE
                                                    DEGRADATION IN 11.2.0.3
13885389   13885389  Thu Aug 02 21:35:07 PKT 2012   ORACLE 11G 11.2.0.3 PATCH 5 BUG FOR WINDOWS
                                                    (64-BIT AMD64 AND INTEL EM64)
13886023   13885389  Thu Aug 02 21:35:07 PKT 2012   GI PSU 11.2.0.3.2 RC FAILS TO INSTALL ON 32-BIT
                                                    2.6.32-300 KERNEL DUE TO ACFS
13942723   13885389  Thu Aug 02 21:35:07 PKT 2012   SRVCTL, DBCA, NETCA, DEINSTALL TOOL CAN'T BE USED
                                                    AFTER APPLYING 11.2.0.3 PATCH4

------------------------------------------------------------------------------------------------------

OPatch succeeded.
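
To compare a scanner finding with the inventory without reading the table by eye, the listing can be parsed and searched for the fix numbers in question. The following is an added example, not part of the original article or of Oracle's tooling: the function names, the 50-character wrap width (inferred from the rows above) and the placeholder number 00000000 are assumptions.

```python
import re

# Row: bug id, patch id, install timestamp, first segment of the description.
ROW = re.compile(r"^(\d+)\s+(\d+)\s+(\w{3} \w{3} \d{2} [\d:]{8} \w+ \d{4})\s+(.*)$")
WRAP = 50  # assumption: description column width, inferred from the article's rows

# Constructed sample built from rows of the article's output.
SAMPLE = """\
List of Bugs fixed by Installed Patches:
Bug        Fixed by  Installed at                   Description
            Patch
---        --------  ------------                   -----------
9659614    13885389  Thu Aug 02 21:35:07 PKT 2012   HUGE ORA-8103 TRACE FILES GENERATED AFTER PATCH
                                                    7519406 APPLIED
11877623   13885389  Thu Aug 02 21:35:07 PKT 2012   ORA-600 [17273]
11665727   13885389  Thu Aug 02 21:35:07 PKT 2012   LSX-00249 ON SCHEMAVALIDATE() WITH NLS_NUMERIC_CHA
                                                    RACTERS=',.'
------------------------------------------------------------
"""

def parse_bugs_fixed(text):
    """Map bug id -> patch, install time and re-joined description."""
    bugs, cur, width, in_table = {}, None, 0, False
    for line in text.splitlines():
        if line.startswith("List of Bugs fixed"):
            in_table = True
        elif in_table and line and set(line) == {"-"}:
            break  # the full-width dashed rule closes the table
        elif in_table and (m := ROW.match(line)):
            bug, patch, when, desc = m.groups()
            cur = bugs[bug] = {"patch": patch, "installed": when,
                               "description": desc.rstrip()}
            width = len(desc.rstrip())
        elif in_table and cur and line[:1] == " " and line.strip():
            # Wrapped description: a full-width segment was cut mid-word.
            part = line.strip()
            cur["description"] += ("" if width == WRAP else " ") + part
            width = len(part)
    return bugs

def reconcile(bugs, wanted):
    """Split wanted bug/patch numbers into (found, missing) in the inventory."""
    known = set(bugs) | {b["patch"] for b in bugs.values()}
    return ([i for i in wanted if i in known],
            [i for i in wanted if i not in known])

if __name__ == "__main__":
    # "00000000" is a placeholder for a fix number the scanner says is missing.
    print(reconcile(parse_bugs_fixed(SAMPLE), ["13885389", "11877623", "00000000"]))
```

Feed it the text of the "Lsinventory Output file" instead of SAMPLE and pass the bug or patch numbers listed in the CPU's documentation as the second argument.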