I work in a security company and often we work over Oracle Database for auditing and penetration testing purpose. We are working on a security check list and one of our concern is the patch level
of the installed products. This is quite simple to obtain, via shell or sqlplus, Oracle offer different way to check it out. Once obtained this value how can I verify if the product is on the latest patch level ?
The support site is regulated by the support id. Our customer always have these but we can not ask for their support credential is not fair.
By the way my question is, for a security consultant without any support credential which is the simplest way to obtain the latest patch level present for specific Oracle products ?
Thanks for your time,
You can find the detail at oracle software level
and connect with database as sysdba and can query
SQL>select to_char(ACTION_TIME,'DD-MON-YYYY'),ACTION,VERSION,ID,BUNDLE_SERIES,COMMENTS from DBA_REGISTRY_HISTORY;
You will the patch set no/version information
The question being asked is "for a security consultant without any support credential which is the simplest way to obtain the latest patch level present for specific Oracle products?" NOT how to check the patch level inside the database.
You don't need to have a paid support contract to be informed of Oracle patches and security updates. But you do need a support contract to be able to obtain (download) or read the details of said patches.
Oracle publishes the list on OTN (click on the "View the most recent Critical Patch Advisory" link)