O112-C1-011100 - Vendor-supported software must be evaluated and patched against newly found vulnerabilities.

Information

Security faults with software applications and operating systems are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any contractor to the organization) are required to promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling, must also be addressed expeditiously.

Anytime new software code is introduced to a system there is the potential for unintended consequences. There have been documented instances where the application of a patch has caused problems with system integrity or availability. Due to information system integrity and availability concerns, organizations must give careful consideration to the methodology used to carry out automatic updates.

Unsupported software versions are not patched by vendors to address newly discovered security versions. An unpatched version is vulnerable to attack.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Upgrade the DBMS to a vendor-supported version.

Apply the latest DBMS patches.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11-2g_V2R5_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-2c., CAT|I, CCI|CCI-002605, Rule-ID|SV-238432r961683_rule, STIG-ID|O112-C1-011100, STIG-Legacy|SV-66543, STIG-Legacy|V-52327, Vuln-ID|V-238432

Plugin: Unix

Control ID: 9f1b0a3c6ee0bb8962cd3e8443911ae979c0eb7294fdf5adf8953a11724112b8