Oracle Products Multiple Unspecified Vulnerabilities - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Oracle Products Multiple Unspecified Vulnerabilities

Secunia Advisory:	SA15991
Release Date:	2005-07-13
Last Update:	2006-02-07

Critical:	Moderately critical
Impact:	Unknown Cross Site Scripting Manipulation of data Exposure of sensitive information DoS
Where:	From remote
Solution Status:	Partial Fix

Software:	Oracle Application Server 10g Oracle Applications 11.x Oracle Applications 11i Oracle Database 10.x Oracle Database 8.x Oracle E-Business Suite 11i Oracle Enterprise Manager 10.x Oracle Enterprise Manager 9.x Oracle JInitiator 1.x Oracle9i Application Server Oracle9i Collaboration Suite Oracle9i Database Enterprise Edition Oracle9i Database Standard Edition

CVE reference:	CVE-2005-2291 (Secunia mirror) CVE-2005-2292 (Secunia mirror) CVE-2005-2293 (Secunia mirror) CVE-2005-2294 (Secunia mirror) CVE-2005-3204 (Secunia mirror) CVE-2005-3205 (Secunia mirror) CVE-2005-3206 (Secunia mirror) CVE-2005-3207 (Secunia mirror)



Description: 47 vulnerabilities have been reported in various Oracle products. Some have an unknown impact, and others can be exploited to conduct cross-site scripting attacks, cause a DoS (Denial of Service), gain knowledge of sensitive information, or to manipulate data. Details have been disclosed for the following vulnerabilities: 1) JDeveloper starts sqlplus using a plain text password as a parameter. 2) Database passwords are stored in plain text in the JDeveloper configuration files, "IDEConnections.xml", "XSQLConfig.xml", and "settings.xml" . 3) Temporary files created by Oracle Forms Builder in the local "temp" directory contain plain text username and password of the current database connection used by Forms Builder. These files are not deleted when Forms Builder exits. 4) Oracle Forms application creates a temporary file in the "/tmp" directory of the application server if the number of records retrieved from the database exceeds the parameter "buffered records". This temporary file is world-readable and contains an unencrypted copy of the retrieved database records. This potentially allows local users to gain knowledge of sensitive information. 5) Several unspecified SQL injection and parameter manipulation vulnerabilities in the Oracle E-Business Suite can be exploited to execute malicious SQL statements in the database with privileges of the application database account. 6) An unspecified error in the CWM2_OLAP_AW_AWUTIL package can be exploited by malicious users to cause a DoS. 7) Certain input passed to the init function in the ORASSO.WPG_SESSION package and the EventQueueDisplay function in the OWF_MGR.WF_EVENT_HTML package isn't properly verified. This can be exploited to inject and execute arbitrary SQL code with the privileges of the package owner. 8) Certain input passed to the web interface of Oracle XMLDB and Oracle iSQLPlus isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 9) The problem is that it is possible to shut down the TNS Listener via a specially crafted URL in Oracle Forms and iSQLPlus. The following supported products are affected by one or more of the vulnerabilities: * Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3, 10.1.0.4 * Oracle9i Database Server Release 2, versions 9.2.0.5, 9.2.0.6 * Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5, 9.0.1.5 FIPS * Oracle8i Database Server Release 3, version 8.1.7.4 * Oracle8 Database Release 8.0.6, version 8.0.6.3 * Oracle Enterprise Manager Grid Control 10g, versions 10.1.0.2, 10.1.0.3 * Oracle Enterprise Manager 10g Database Control, versions 10.1.0.2, 10.1.0.3, 10.1.0.4 * Oracle Enterprise Manager Application Server Control, versions 9.0.4.0, 9.0.4.1 * Oracle Application Server 10g (9.0.4), versions 9.0.4.0, 9.0.4.1 * Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1 * Oracle9i Application Server Release 1, version 1.0.2.2 * Oracle Collaboration Suite Release 2, versions 9.0.4.1, 9.0.4.2 * Oracle E-Business Suite and Applications Release 11i, versions 11.5.1 through 11.5.10 * Oracle E-Business Suite and Applications Release 11.0 * Oracle Workflow, versions 11.5.1 through 11.5.9.5 * Oracle Forms and Reports, versions 4.5.10.22, 6.0.8.25 * Oracle JInitiator, versions 1.1.8, 1.3.1 * Oracle Developer Suite, versions 9.0.2.3, 9.0.4, 9.0.4.1, 9.0.5, 10.1.2 * Oracle Express Server, version 6.3.4.0 Solution: Apply patches. http://metalink.oracle.com/metalink/p...t?p_database_id=NOT&p_id=311088.1 Oracle reportedly forgot to address one of the DoS vulnerabilities in version 9iR2. Remove EXECUTE permissions on the CWM2_OLAP_AW_AWUTIL package for untrusted users. Provided and/or discovered by: 1-4, 8-9) Alexander Kornbrust, Red Database Security. 5) Stephen Kost, Integrigy. 6) Esteban Martínez Fayó, Argeniss. 7) Aaron Newman, Application Security Inc. The vendor also credits the following people: * Gerhard Eschelbeck, Qualys Inc. * Esteban Martínez Fayó, Application Security Inc. * David Litchfield, NGSSoftware. * Michael Murray, nCircle Network Security. * Mike Sues, Rigel Kent Security. Changelog: 2005-07-14: Added link to US-CERT vulnerability note. 2005-07-15: Added additional link to Red Database Security. 2005-07-18: Added CVE references. 2005-07-25: Added information about additional vulnerability, which the vendor by mistake didn't fix in Oracle Database Server 9iR2. 2005-08-04: Added information provided by Application Security Inc. 2005-10-07: Added details provided by Alexander Kornbrust. 2006-01-19: Added CVE references. 2006-02-07: Updated affected software. Original Advisory: Oracle: http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html Red Database Security: http://www.red-database-security.com/...eloper_passes_plaintext_password.html http://www.red-database-security.com/...le_jdeveloper_plaintext_password.html http://www.red-database-security.com/...cle_formsbuilder_temp_file_issue.html http://www.red-database-security.com/...orms_unsecure_temp_file_handling.html http://www.red-database-security.com/...pu_july_2005_silently_fixed_bugs.html http://www.red-database-security.com/advisory/oracle_xmldb_css.html http://www.red-database-security.com/advisory/oracle_isqlplus_css.html http://www.red-database-security.com/advisory/oracle_forms_shutdown.html http://www.red-database-security.com/advisory/oracle_isqlplus_shutdown.html Integrigy: http://www.integrigy.com/alerts/OraCPU0705.htm Argeniss: http://www.argeniss.com/research/CWM2_OLAP_AW_AWUTILVuln.txt Application Security Inc: http://www.appsecinc.com/resources/alerts/oracle/2005-06.html http://www.appsecinc.com/resources/alerts/oracle/2005-07.html http://www.appsecinc.com/resources/alerts/oracle/2005-08.html http://www.appsecinc.com/resources/alerts/oracle/2005-09.html Other References: US-CERT VU#613562: http://www.kb.cert.org/vuls/id/613562



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

53 Related Secunia Security Advisories, displaying 10

1. Oracle Products Multiple Vulnerabilities

2. Oracle Application Server Portal Authentication Bypass

3. Oracle Products Multiple Vulnerabilities

4. Oracle Products Multiple Vulnerabilities

5. Oracle Database PITRIG_DROPMETADATA Buffer Overflow Vulnerability

6. Oracle Products Multiple Vulnerabilities

7. Oracle JInitiator "beans.ocx" ActiveX Control Buffer Overflow Vulnerabilities

8. Oracle Products Multiple Vulnerabilities

9. Oracle Rapid Install Cross-Site Scripting Vulnerability

10. Oracle Products Multiple Vulnerabilities

Show all related advisories

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Opera Multiple Vulnerabilities

2.	Microsoft Access Snapshot Viewer ActiveX Control Vulnerability

3.	vBulletin Private Message Subject Script Insertion

4.	Microsoft Office Filters Multiple Vulnerabilities

5.	rPath update for kernel and xen

6.	Programs Rating "id" SQL Injection Vulnerability

7.	neon "parse_domain() " Denial of Service Vulnerability

8.	Folder Lock Weak Password Encryption Security Issue

9.	SunShop Shopping Cart class.ajax.php SQL Injection Vulnerabilities

10.	Anzio Web Print Object (WePO) ActiveX Component "mainurl" Buffer Overflow