Oracle Communications Diameter Signaling Router (DSR)
 
Oracle Communications Policy Management
 

PLA-Other>Development>MOS Prod Dev Family>MOS Prod Dev Area>MOS: Critical Patch Updates
 

In this Document

Purpose

Scope

Details

Applies to:

Purpose

 This document describes the assessment of the CVE-2017-5753 (Spectre v1), CVE-2017-5715 (Spectre v2), and CVE-2017-5754 (Meltdown) vulnerabilities for Oracle Communications Diameter Signaling Router and Oracle Communications Policy Management products.

Scope

 All releases of Oracle Communications Diameter Signaling Router and Oracle Communications Policy Management.

Details

Based on existing information about the CVE-2017-5753 (Spectre v1), CVE-2017-5715 (Spectre v2), and CVE-2017-5754 (Meltdown) vulnerabilities, Oracle Communications Diameter Signaling Router and Oracle Communications Policy Management are not currently believed to be impacted. Oracle does not expect to have to produce patches for these products.

Please refer to the Addendum to the January 2018 CPU Advisory for Spectre (CVE-2017-5715, CVE-2017-5753) and Meltdown (CVE-2017-5754) vulnerabilities (Doc ID 2347948.1)

Please note the ability for a malicious perpetrator to execute discretionary code from an untrusted source is a condition for the exploitation of vulnerabilities CVE-2017-5753 (Spectre v1), CVE-2017-5715 (Spectre v2), and CVE-2017-5754 (Meltdown). However:

• Oracle Communications Diameter Signaling Router and Oracle Communications Policy Management are architected as engineered systems that deploy with a single network application. There is no multi-tenancy hosting and only one customer – the system owner.
• Application users have restricted privileges defined by role-based group membership.
• All software is installed from Oracle source that is verified with automated integrity validation
• Running user-supplied code is not supported.

This solution has no attachment