|
Oracle Products 24 Vulnerabilities
|
|
Secunia Advisory:
|
SA13862
|
|
|
Release Date:
|
2005-01-19
|
|
Last Update:
|
2006-02-01
|
|
Popularity:
|
18,116 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Unknown
Manipulation of data
Exposure of sensitive information
Privilege escalation
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Oracle Application Server 10g
Oracle Applications 11i
Oracle Database 10.x
Oracle Database 8.x
Oracle E-Business Suite 11i
Oracle9i Application Server
Oracle9i Collaboration Suite
Oracle9i Database Enterprise Edition
Oracle9i Database Standard Edition
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
| | CVE reference: | CVE-2005-0297
CVE-2005-0298
CVE-2005-1495
CVE-2005-1496
|
|
Description:
24 vulnerabilities have been reported in various Oracle products. Some have an unknown impact and others can be exploited to disclose sensitive information, gain escalated privileges, conduct PL/SQL injection attacks, manipulate information, or cause a DoS (Denial of Service).
1) A boundary error in the Networking component can be exploited by malicious database users to crash the database via a specially crafted connect string.
Successful exploitation requires permissions to create database links.
2) An unspecified error in the LOB Access component can be exploited to disclose sensitive information.
Successful exploitation requires permissions to read on a database directory object.
3) An unspecified error in the Spatial component can potentially be exploited to disclose information, manipulate data, or cause a DoS.
Successful exploitation requires execute permissions on the mdsys.md2 package.
4) An input validation error in the UTL_FILE component can be exploited to access arbitrary files via directory traversal attacks.
Successful exploitation requires permissions to read on a database directory object.
5) An unspecified error in the Diagnostic component can potentially be exploited to disclose information, manipulate data, or cause a DoS.
6) An unspecified error in the XDB component can potentially be exploited to disclose or manipulate information.
Successful exploitation requires execute permissions on the xdb.dbms_xdb packages.
7+8) Two unspecified errors in the XDB component can potentially be exploited to disclose or manipulate information.
Successful exploitation requires execute permissions on the xdb.dbms_xdbz0 package.
9) An unspecified error in the Dataguard component can potentially be exploited to disclose or manipulate information.
Successful exploitation requires execute permissions on the exfsys.dbms_expfil package.
10) An unspecified error in the Log Miner component can potentially be exploited to disclose or manipulate information.
Successful exploitation requires execute permissions on the dbms_logmnr package.
11) An unspecified error in the OLAP component can potentially be exploited to disclose or manipulate information.
Successful exploitation requires execute permissions on the olapsys package.
12) An unspecified error in the Data Mining component can potentially be exploited to disclose or manipulate information.
Successful exploitation requires execute permissions on the dmsys.dmp_sys package.
13) An unspecified error in the Advanced Queuing component can potentially be exploited to disclose or manipulate information.
Successful exploitation requires execute permissions on the dbms_transform_eximp package.
14) An unspecified error in the Change Data Capture component can potentially be exploited to disclose or manipulate information.
Successful exploitation requires execute permissions on the dbms_cdc_dputil package.
15) An unspecified error in the Change Data Capture component can potentially be exploited to disclose or manipulate information.
Successful exploitation requires execute permissions on the dbms_cdc_impdp package.
16) An unspecified error in the Database Core component can be exploited to disclose or manipulate information.
17) An unspecified error in the OHS component can potentially be exploited to disclose or manipulate information.
Successful exploitation requires execute permissions on the owa_opt_lock package.
18) An unspecified error in the Report Server component can be exploited to disclose or manipulate information.
19) An unspecified error in the Forms component can be exploited to cause a DoS (Denial of Service).
20) An unspecified error in the mod_plsql component can potentially be exploited to disclose or manipulate information.
Successful exploitation requires execute permissions on the owa_opt_lock package.
21) An unspecified error in the Calendar component can potentially be exploited to disclose information, manipulate data, or cause a DoS by viewing a malicious image.
22) An unspecified error in Oracle E-Business Suite can potentially be exploited to disclose or manipulate information.
Successful exploitation requires a valid session.
23) Another unspecified error in Oracle E-Business Suite can potentially also be exploited to disclose or manipulate information.
24) An error allows any user with CREATE JOB privileges to switch the SESSION_USER to SYS by executing a database job via the dbms_scheduler.
A weakness has also been reported, which causes FGA (Fine Grained Auditing) to not work when the SYS user runs a SELECT statement.
The vulnerabilities affect the following versions:
* Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3 and 10.1.0.3.1
* Oracle9i Database Server Release 2, versions 9.2.0.4, 9.2.0.5 and 9.2.0.6
* Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 and 9.0.4 (9.0.1.5 FIPS)
* Oracle8i Database Server Release 3, version 8.1.7.4
* Oracle8 Database Release 8.0.6, version 8.0.6.3
* Oracle Application Server 10g Release 2 (10.1.2)
* Oracle Application Server 10g (9.0.4), versions 9.0.4.0 and 9.0.4.1
* Oracle9i Application Server Release 2, versions 9.0.2.3 and 9.0.3.1
* Oracle9i Application Server Release 1, version 1.0.2.2
* Oracle Collaboration Suite Release 2, version 9.0.4.2
* Oracle E-Business Suite and Applications Release 11i (11.5)
* Oracle E-Business Suite and Applications Release 11.0
Solution:
Apply patches.
http://metalink.oracle.com/metalink/plsql/showdoc?db=NOT&id=293953.1
The FGA weakness in reportedly not fixed in a fully patched version 9.2.0.6.
Provided and/or discovered by:
4) Cesar Cerrudo
The vendor credits the following people:
* Pete Finnigan
* Alexander Kornbrust, Red Database Security
* Stephen Kost, Integrigy
* David Litchfield, NGSSoftware
Changelog:
2005-01-24: Added link to Integrigy advisory.
2005-02-14: Added CVE references.
2005-03-08: Updated advisory.
2005-05-06: Added additional information from Red Database Security.
2006-02-01: Added CVE references.
Original Advisory:
Oracle:
http://otn.oracle.com/deploy/security/pdf/cpu-jan-2005_advisory.pdf
NGSSoftware:
http://www.nextgenss.com/advisories/oracle-02.txt
Pete Finnigan:
http://www.petefinnigan.com/directory_traversal.pdf
Red Database Security:
http://www.red-database-security.com/content6.html
http://www.red-database-security.com/...acle-fine-grained-auditing-issue.html
http://www.red-database-security.com/...ploit_dbms_scheduler_select_user.html
Integrigy:
http://www.integrigy.com/alerts/OraCPU0105.htm
Argeniss:
http://www.argeniss.com/research/ARGENISS-ADV-030501.txt
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
Today
|
New advisories:
|
14 |
|
New vulnerabilities:
|
18 |
|
Updated advisories:
|
22 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
