[VIM] Oracle and CIA

George A. Theall theall at tenablesecurity.com
Mon Mar 12 20:43:27 UTC 2007


On 03/12/07 16:25, security curmudgeon wrote:

> Regarding the Jan CPU from Oracle:
> http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html 
> 
> 
> Did anyone notice that several of the vulnerabilities listed apparently 
> do not impact Confidentiality, Integrity -or- Availability? 
> Mistake/oversight, or something else?
> 
> DB10, DB11, DB12, DB13, etc

There's a note below the table that clarifies those scores as 
representing "problems that are not exploitable in a default database 
environment".

There's been some discussion of Oracle's scoring methodology on the 
CVSS-SIG mailing list. Hopefully now that they've joined the SIG, these 
sorts of issues will fade away.

George
-- 
theall at tenablesecurity.com

