Case Project: Determining Vulnerabilities for a Database Server
You have interviewed Ms. Erin Roye, an IT staff member, after conducting your initial security resting of the Alexander Rocco Corporation. She informs you that the company is running Oracle 10: for its personnel database. You decide to research whether Oracle 10g has any known vulnerabilities that you can include in your report to Ms. Roye. You don't know whether Ms. Roye has installed any patches or software fixes; you simply want to create a report with general information.
Based on this information, write a memo to Ms. Roye describing any CVEs (common vulnerabilities and exposures) or CAN (candidate) documents you found related to Oracle 10g. (Hint: A search at US-CERT, www.us-certgov, can save you a lot of time.) If you do find vulnerabilities, your memo should include recommendations and be written in a way that doesn't generate fear or uncertainty but encourages prudent decision making.