
Issue with Oracle False Positives?

I have a problem with MVM reporting Oracle false positives and identifying High vulnerabilities with databases when in fact they are not vulnerable at all.

For example:

CVE-2010-0860 - Oracle Database Core RDBMS Component Vulnerability

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to the Create User privilege.

When the scan runs and checks the response from the system for this vulnerability my system returns the DB version as 10.2.0.3 to MVM which is not vulnerable to this CVE but MVM still reports it in the scan results as being a High vulnerability which does not make sense since the system is not vulnerable. Is this normal or is it something that should be reported to McAfee for a fix, solution or workaround?

Thanks for any responses or help on this.
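The mismatch described above (a scanner flagging a High finding for a CVE whose NVD entry enumerates specific affected releases, none of which is the detected 10.2.0.3) is something a defender can triage locally before opening a vendor ticket. The following is an added example, not code from the original post or from McAfee; it parses Oracle-style version strings (including suffixed ones such as 9.2.0.8DV), compares the version the scanner observed against the exact affected list quoted in the post, and labels each finding. The `is_affected_naive` function is a hypothetical range-based check included only to illustrate one way a signature could over-match; it is an assumption, not a description of how MVM's script works. The sample findings and host names are constructed.

```python
import re

# Affected releases for CVE-2010-0860 exactly as quoted in the post (from NVD).
CVE_2010_0860_AFFECTED = {"9.2.0.8", "9.2.0.8DV", "10.1.0.5", "10.2.0.4", "11.1.0.7"}

# Dotted numeric release followed by an optional alphabetic suffix (e.g. "DV").
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)([A-Za-z]*)$")


def parse_version(ver):
    """Split '10.2.0.4' or '9.2.0.8DV' into (numeric tuple, upper-cased suffix)."""
    m = VERSION_RE.match(ver.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {ver!r}")
    nums = tuple(int(part) for part in m.group(1).split("."))
    return nums, m.group(2).upper()


def is_affected_exact(detected, affected):
    """Exact-list semantics: vulnerable only if the detected release is enumerated by NVD."""
    target = parse_version(detected)
    return any(parse_version(a) == target for a in affected)


def is_affected_naive(detected, affected):
    """Hypothetical over-broad check (assumption for illustration only): treats any release
    at or below an affected version in the same major.minor.patch line as vulnerable.
    This is the kind of logic that would flag 10.2.0.3 because 10.2.0.4 is affected."""
    d_nums, _ = parse_version(detected)
    for a in affected:
        a_nums, _ = parse_version(a)
        if a_nums[:3] == d_nums[:3] and d_nums <= a_nums:
            return True
    return False


def triage(findings, affected_by_cve):
    """Label each scan finding by comparing the observed version with the exact NVD list.
    Returns (host, cve, verdict) tuples; verdict is 'match', 'probable-fp' or 'unknown'."""
    results = []
    for f in findings:
        affected = affected_by_cve.get(f["cve"])
        if affected is None:
            verdict = "unknown"          # no affected-version data; needs manual review
        elif is_affected_exact(f["detected_version"], affected):
            verdict = "match"            # version is on the affected list; treat as real
        else:
            verdict = "probable-fp"      # not on the list; confirm with the vendor
        results.append((f["host"], f["cve"], verdict))
    return results


# Constructed sample findings, modelled on the situation in the post.
SAMPLE_FINDINGS = [
    {"host": "db01.example.internal", "cve": "CVE-2010-0860",
     "detected_version": "10.2.0.3", "severity": "High"},
    {"host": "db02.example.internal", "cve": "CVE-2010-0860",
     "detected_version": "10.2.0.4", "severity": "High"},
    {"host": "db03.example.internal", "cve": "CVE-2010-0860",
     "detected_version": "9.2.0.8dv", "severity": "High"},
]

if __name__ == "__main__":
    for host, cve, verdict in triage(SAMPLE_FINDINGS, {"CVE-2010-0860": CVE_2010_0860_AFFECTED}):
        print(f"{host:25} {cve}  {verdict}")
```

Run against the sample data, db01 (10.2.0.3) comes out as `probable-fp` while db02 and db03 are `match`; the naive check, by contrast, would also flag db01, which is exactly the discrepancy worth attaching to a Service Request along with the FSDiag output.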

3 Replies
cgrim
Level 13
Message 2 of 4

Re: Issue with Oracle False Positives?

Hi dieder15,

You might have an older version of that script.  I can see the script was updated on April-5th, and the documentation actually now says:

An unspecified vulnerability exists in the core RDBMS component for some versions of Oracle Database that allows malicious remote network traffic to affect the confidentiality, integrity, and availability of a target system.

Which is slightly different than what you quoted, and that is why I think you have an older (possibly FP prone) version of the script.

Can you make sure to run FSUpdate to get the latest FSL Content Package, and re-scan to confirm?

If you still see the issue, follow the instructions here (https://kc.mcafee.com/corporate/index?page=content&id=KB55996)  to run FSDiag using the script (misc-oracle-core-rdbms-component-vuln-CVE-2010-0860.fasl3), and open a Service Request to address it.

I hope that helps!
Cathy

Re: Issue with Oracle False Positives?

Hi Cathy:

Thanks for your reply, I checked and the FSL content packages are up to date and have the same observation as what you specified above. What I originally quoted was the vulnerability details from the NIST site (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0860) when you click the CVE link in the Vulnerability Details from the scan. The NIST site lists the affected versions for this vulnerability, and that list does not include our version, 10.2.0.3.

I guess opening a Service Request would be the next step to have it addressed?

Thanks,

Mike

cgrim
Level 13
Message 4 of 4

Re: Issue with Oracle False Positives?

Hi Mike,

Yes, run FSDiag using the tool+instructions in the link I gave above, and attach the results to the Service Request.  If it's a real FP, they are usually pretty quick to fix them.

Have a great day!
Cathy
