|
Oracle Products 85 Unspecified Vulnerabilities
|
|
Secunia Advisory:
|
SA17250
|
|
|
Release Date:
|
2005-10-19
|
|
Last Update:
|
2006-10-25
|
|
Popularity:
|
21,010 views
|
|
|
Critical:
|
 Highly critical
|
|
Impact:
|
Unknown Cross Site Scripting Manipulation of data System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | JD Edwards EnterpriseOne Tools 8.x JD Edwards OneWorld Tools 8.x Oracle Application Server 10g Oracle Collaboration Suite 10.x Oracle Database 10.x Oracle Database 8.x Oracle Developer Suite 10g Oracle E-Business Suite 11i Oracle Enterprise Manager 10.x Oracle Enterprise Manager 9.x Oracle9i Application Server Oracle9i Collaboration Suite Oracle9i Database Enterprise Edition Oracle9i Database Standard Edition PeopleSoft Enterprise Customer Relationship Management (CRM) 8.x PeopleSoft EnterpriseOne Applications 8.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
| | CVE reference: | CVE-2005-0873
|
|
Description: 85 vulnerabilities have been reported in various Oracle products. Some have an unknown impact, and others can be exploited to conduct PL/SQL injection attacks, cross-site scripting attacks, or potentially to compromise a vulnerable system.
Details have been disclosed for the following vulnerabilities:
1) A buffer overflow vulnerability and seventeen PL/SQL injection vulnerabilities exists in Oracle Database 10g and Oracle9i Database Server.
2) Some input passed to "test.jsp" of the Oracle Reports Server isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) Some Oracle Applications database accounts have excessive system privileges assigned, and some default application accounts are enabled and have default passwords.
4) Input passed to the "end date" field in "wf_route.CreateRule", and to the "response form" field in "wf_monitor.find_instance", isn't properly sanitised before being returned to the Oracle Workflow user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
5) A boundary error in the Oracle Agent, "emagent.exe", can be exploited to cause a stack-based buffer overflow in the Oracleoracleas1ASControl service and allows arbitrary code execution with SYSTEM privileges. The Oracle Agent is included with Oracle Application Server 10g and possibly other Oracle products.
6) The session URL rewriting function of the Oracle Application Server does not properly sanitise certain characters when resetting session management parameters. This can be exploited to conduct HTTP response splitting or cross-site scripting attacks.
7) Boundary errors in several packaged procedures of the Oracle Database e.g "sys.pbsde.init" may be exploited by malicious users to cause a buffer overflow.
8) Unspecified input is not properly sanitised in the SYS.KUPV$FILE package before being used in a SQL query. This can be exploited to manipulate a SQL query by injecting arbitrary SQL code.
The following supported products are affected by one or more of the vulnerabilities:
* Oracle Database Server 10g Release 1, versions 10.1.0.3, 10.1.0.4
* Oracle9i Database Server Release 2, versions 9.2.0.5, 9.2.0.6, 9.2.0.7
* Oracle8i Database Server Release 3, version 8.1.7.4
* Oracle Enterprise Manager 10g Grid Control, versions 10.1.0.3, 10.1.0.4
* Oracle Application Server 10g Release 2, versions 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2
* Oracle Application Server 10g Release 1 (9.0.4), versions 9.0.4.1, 9.0.4.2
* Oracle Collaboration Suite 10g Release 1, version 10.1.1
* Oracle9i Collaboration Suite Release 2, version 9.0.4.2
* Oracle E-Business Suite Release 11i, versions 11.5.1 through 11.5.10 and 11.5.10 CU2
* Oracle E-Business Suite Release 11.0
* Oracle Clinical, versions 4.5.0 and 4.5.1
* PeopleSoft Enterprise Tools, versions 8.1 through 8.46.03
* PeopleSoft CRM, versions 8.81 through 8.9
* JD Edwards EnterpriseOne, OneWorld XE, versions 8.95_B1, 8.94_Q1, SP23_K1
* Oracle Database Server 10g Release 1, version 10.1.0.4.2
* Oracle Developer Suite, versions 9.0.2.1, 9.0.4.1, 9.0.4.2, 10.1.2.0
* Oracle Enterprise Manager Application Server Control, versions 9.0.4.1, 9.0.4.2
* Oracle Enterprise Manager 10g Database Control, versions 10.1.0.3, 10.1.0.4
* Oracle Workflow, versions 11.5.1 through 11.5.9.5
* Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5, 9.0.1.5 FIPS
* Oracle8 Database Server Release 8.0.6, version 8.0.6.3
* Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1
* Oracle9i Application Server Release 1, version 1.0.2.2
Solution: Apply patches.
http://metalink.oracle.com/metalink/p...t?p_database_id=NOT&p_id=333954.1
NOTE: Some of the vulnerabilities reportedly have not been fully addressed by the patch.
Provided and/or discovered by: 1) David Litchfield, NGSSoftware.
2) Paolo
4+8) Alexander Kornbrust, Red Database Security
5) Sacha Faust, S.P.I. Dynamics, Inc.
6) Keigo Yamazaki, Little eArth Corporation Co., Ltd.
The vendor also credits the following people:
* Brian Carr
* Esteban Martínez Fayo, Application Security, Inc.
* Steven Kost, Integrigy Corporation
* noderat ratty
Changelog: 2005-10-20: Added link to US-CERT vulnerability note. Updated "Description Section" and "Original Advisory" sections.
2005-10-21: Added vulnerability information. Updated "Description Section", "Original Advisory" and credit sections. Added link to US-CERT vulnerability note.
2005-10-24: Added links to US-CERT vulnerability note.
2005-11-03: Added link to "Original Advisory". Updated "Description" section.
2006-04-26: Added information about additional vulnerability.
2006-10-24: Added link to US-CERT.
Original Advisory: Oracle:
http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
Integrigy:
http://www.integrigy.com/alerts/OraCPU1005.htm
Red Database Security:
http://www.red-database-security.com/advisory/oracle_workflow_css_wf_route.html
http://www.red-database-security.com/...y/oracle_workflow_css_wf_monitor.html
http://www.red-database-security.com/advisory/details_oracle_cpu_october.html
http://www.red-database-security.com/...y/oracle_sql_injection_kupv$file.html
S.P.I. Dynamics, Inc.:
http://www.spidynamics.com/spilabs/advisories/oracle-emagentoverflow.html
Little eArth Corporation Co., Ltd.:
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/84_e.html
Application Security, Inc.:
http://www.appsecinc.com/resources/alerts/oracle/2005-10.html
Other References: US-CERT VU#210524:
http://www.kb.cert.org/vuls/id/210524
US-CERT VU#865948:
http://www.kb.cert.org/vuls/id/865948
US-CERT VU#449444:
http://www.kb.cert.org/vuls/id/449444
US-CERT VU#265700:
http://www.kb.cert.org/vuls/id/265700
US-CERT VU#609340:
http://www.kb.cert.org/vuls/id/609340
US-CERT VU#150508:
http://www.kb.cert.org/vuls/id/150508
US-CERT VU#171364:
http://www.kb.cert.org/vuls/id/171364
US-CERT VU#512716:
http://www.kb.cert.org/vuls/id/512716
US-CERT VU#890940:
http://www.kb.cert.org/vuls/id/890940
US-CERT VU#376756:
http://www.kb.cert.org/vuls/id/376756
US-CERT VU#642868
http://www.kb.cert.org/vuls/id/642868
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
Today
|
New advisories:
|
14 |
|
New vulnerabilities:
|
18 |
|
Updated advisories:
|
22 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Solutions | More...
|
|