Re: CVEs and Oracle products
Date: Fri, 6 Jun 2014 13:46:34 -0300
Message-ID: <CACH2EDJnRJEauH8sn0OyGb5Fikursty=0iBXvV0MyGS1i7in5g_at_mail.gmail.com>
I also know about mitre.org... e.g.
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=oracle and NIST... e.g. for the OpenSSL CVE:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224
But it refers to openSSL, not to the products running OpenSSL... can't quickly tell if any Oracle products are affected.
On Fri, Jun 6, 2014 at 1:43 PM, Patrice sur GMail <patrice.boivin_at_gmail.com> wrote:
> I was wondering, does Oracle have a CVE equivalency database that would
> let us enter a CVE and find out if it applies to any Oracle products and
> what versions, if any? (Most of the time probably the CVEs don't apply.)
>
> Bureaucrats sometimes forward e-mails about CVE numbers and want us to
> assure them that we're "safe" and entering CVE numbers in My Oracle Support
> doesn't usually turn up anything.
>
> I am guessing that for DBAs in more secure environments this is routine
> stuff, thought maybe someone might be able to provide some pointers.
>
> I know about the typical advice like "stay up-to-date with your software
> versions" -- except for that OpenSSL bug LOL which got some people in
> trouble, no memory sticks or used to be CDs (esp. if people are outside
> your building handing them out for free), passwords are not all that secure
> (some employees are willing to give them up for a little gift at the door),
> social engineering, don't trust your own employees, etc. etc. I am just
> looking for a lookup site somewhere that we might be able to trust.
>
> -- Patrice
> My profiles: [image: Facebook]
> <http://www.facebook.com/home.php?#!/profile.php?id=100000206805521>[image:
> LinkedIn] <http://ca.linkedin.com/pub/patrice-boivin/a/933/5a9>[image:
> Twitter] <http://www.twitter.com/PatriceBoivin>
> <http://www.twitter.com/PatriceBoivin>
> Signature powered by WiseStamp <http://www.wisestamp.com/email-install>
>
-- -- Patrice My profiles: [image: Facebook] <http://www.facebook.com/home.php?#!/profile.php?id=100000206805521>[image: LinkedIn] <http://ca.linkedin.com/pub/patrice-boivin/a/933/5a9>[image: Twitter] <http://www.twitter.com/PatriceBoivin> <http://www.twitter.com/PatriceBoivin> Signature powered by WiseStamp <http://www.wisestamp.com/email-install> -- http://www.freelists.org/webpage/oracle-lReceived on Fri Jun 06 2014 - 18:46:34 CEST