Line 40: oracle_create_job_vuln.nasl
if (version)
{
if(ereg(pattern:".*Version
([0-8]\..*|9\.(0\.([0-3]\.|4\.[01]))|9\.2\..*|10\.(0\..*|1\.0\.[0-2]([^0-9]|$)))"
, string:version))
security_hole(port);
}
Problem: 9\.2\..*
Solution: 9\.2\.0\.[0-5]
?
Matthew Lalumiere
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Coughenour
Sent: Friday, April 08, 2005 12:36 PM
To: [email protected]
Subject: Oracle Alert 86 - false positive?
All - thanks for the responses in advance.
�
Nessus is reporting that Oracle (tnslis vulnerable based on version number and
follow Oracle alert 86 to remediate.� The Oracle version we running is� 9.2.0.6
- recently upgraded to this version.� However - Oracle alert 86 does not make a
reference to this version - either effected or not effected.� Version 9.2.0.4
is listed as vulnerable.
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
Is this a false positive?� Why does Nessus think 9.2.0.6 is vulnerable?� We
have this is showing on several different machines.
Thanks
�
�
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
