500 Views 3 Replies Latest reply: May 1, 2013 10:29 AM by cgrim
dieder15 Newcomer 4 posts since
Jun 4, 2012

Apr 30, 2013 1:52 PM

Issue with Oracle False Positives?

I have a problem with MVM reporting Oracle false positives and identifying High vulnerabilities with databases when in fact they are not vulnerable at all.

 

For example:

 

CVE-2010-0860 - Oracle Database Core RDBMS Component Vulnerability

 

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to the Create User privilege.

 

 

When the scan runs and checks the response from the system for this vulnerability, my system returns the DB version as 10.2.0.3 to MVM, which is not vulnerable to this CVE, but MVM still reports it in the scan results as being a High vulnerability, which does not make sense since the system is not vulnerable. Is this normal, or is it something that should be reported to McAfee for a fix, solution or workaround?

 

Thanks for any responses or help on this.

  • Community Leader 479 posts since
    Nov 3, 2009
    1. Apr 30, 2013 2:45 PM (in response to dieder15)
    Re: Issue with Oracle False Positives?

    Hi dieder15,

     

    You might have an older version of that script. I can see the script was updated on April 5th, and the documentation actually now says:

     

    An unspecified vulnerability exists in the core RDBMS component for some versions of Oracle Database that allows malicious remote network traffic to affect the confidentiality, integrity, and availability of a target system.

     

    Which is slightly different than what you quoted, and that is why I think you have an older (possibly FP prone) version of the script.

     

    Can you make sure to run FSUpdate to get the latest FSL Content Package, and re-scan to confirm?

     

    If you still see the issue, follow the instructions here (https://kc.mcafee.com/corporate/index?page=content&id=KB55996) to run FSDiag using the script (misc-oracle-core-rdbms-component-vuln-CVE-2010-0860.fasl3), and open a Service Request to address it.

     

    I hope that helps!
    Cathy

  • Community Leader 479 posts since
    Nov 3, 2009
    3. May 1, 2013 10:29 AM (in response to dieder15)
    Re: Issue with Oracle False Positives?

    Hi Mike,

     

    Yes, run FSDiag using the tool+instructions in the link I gave above, and attach the results to the Service Request. If it's a real FP, they are usually pretty quick to fix them.

     

    Have a great day!
    Cathy
