|
 |
|
Oracle Products Multiple Vulnerabilities and Security Issues
|
|
|
|
|
Secunia Advisory:
|
SA18493
|
|
|
Release Date:
|
2006-01-18
|
|
Last Update:
|
2006-08-07
|
|
|
Critical:
|

Highly critical
|
|
Impact:
|
Unknown Manipulation of data Exposure of system information Exposure of sensitive information System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | JD Edwards EnterpriseOne Tools 8.x Oracle Application Server 10g Oracle Collaboration Suite 10.x Oracle Database 10.x Oracle Database 8.x Oracle Developer Suite 10g Oracle E-Business Suite 11i Oracle Enterprise Manager 10.x Oracle PeopleSoft Enterprise Portal Solutions 8.x Oracle9i Application Server Oracle9i Collaboration Suite Oracle9i Database Enterprise Edition Oracle9i Database Standard Edition Oracle9i Developer Suite
|
| | CVE reference: | CVE-2005-2371 (Secunia mirror) CVE-2005-2378 (Secunia mirror) CVE-2006-0256 (Secunia mirror) CVE-2006-0257 (Secunia mirror) CVE-2006-0258 (Secunia mirror) CVE-2006-0259 (Secunia mirror) CVE-2006-0260 (Secunia mirror) CVE-2006-0261 (Secunia mirror) CVE-2006-0262 (Secunia mirror) CVE-2006-0263 (Secunia mirror) CVE-2006-0264 (Secunia mirror) CVE-2006-0265 (Secunia mirror) CVE-2006-0266 (Secunia mirror) CVE-2006-0267 (Secunia mirror) CVE-2006-0268 (Secunia mirror) CVE-2006-0269 (Secunia mirror) CVE-2006-0270 (Secunia mirror) CVE-2006-0271 (Secunia mirror) CVE-2006-0272 (Secunia mirror) CVE-2006-0273 (Secunia mirror) CVE-2006-0274 (Secunia mirror) CVE-2006-0275 (Secunia mirror) CVE-2006-0276 (Secunia mirror) CVE-2006-0277 (Secunia mirror) CVE-2006-0278 (Secunia mirror) CVE-2006-0279 (Secunia mirror) CVE-2006-0280 (Secunia mirror) CVE-2006-0281 (Secunia mirror) CVE-2006-0282 (Secunia mirror) CVE-2006-0283 (Secunia mirror) CVE-2006-0284 (Secunia mirror) CVE-2006-0285 (Secunia mirror) CVE-2006-0286 (Secunia mirror) CVE-2006-0287 (Secunia mirror) CVE-2006-0288 (Secunia mirror) CVE-2006-0289 (Secunia mirror) CVE-2006-0290 (Secunia mirror) CVE-2006-0291 (Secunia mirror) CVE-2006-0547 (Secunia mirror) CVE-2006-0548 (Secunia mirror) CVE-2006-0549 (Secunia mirror) CVE-2006-0550 (Secunia mirror) CVE-2006-0551 (Secunia mirror) CVE-2006-0586 (Secunia mirror) CVE-2006-0552 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS! |
|
|
Description: 82 vulnerabilities and security issues have been reported in various Oracle products. Some have an unknown impact, and others can be exploited to gain knowledge of certain information, overwrite arbitrary files, conduct SQL injection attacks and compromise a vulnerable system.
Details have been disclosed for the following vulnerabilities:
1) Input passed to various parameters in the procedures within the DBMS_DATAPUMP, DBMS_REGISTRY, DBMS_CDC_UTILITY, DBMS_CDC_PUBLISH, DBMS_METADATA_UTIL, DBMS_METADATA_INT, DBMS_METADATA, CTXSYS.DRILOAD, CTXSYS.DRIDML, CTXSYS.CTX_DOC, CTXSYS.CTX_QUERY, and CATINDEXMETHODS Oracle PL/SQL packages is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Input passed to various parameters in the ATTACH_JOB, HAS_PRIVS, and OPEN_JOB procedures within the SYS.KUPV$FT package is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerabilities have been reported in Oracle 10g Release 1.
3) Input passed to various parameters in several procedures within the SYS.KUPV$FT_INT package is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerabilities have been reported in Oracle 10g Release 1.
4) Design errors in the Oracle Database causes the Oracle TDE (Transparent Data Encryption) wallet password to be logged in cleartext, and the masterkey for the TDE wallet to be stored unencrypted.
The security issues have been reported in Oracle Database 10g Release 2 version 10.2.0.1.
5) Some errors in the Reports component of the Oracle Application Server can be exploited to read parts of any files or overwrite any files via Oracle Reports.
For more information, see #2, #3, and #4 in:
SA16092
The vulnerability has been reported in versions 1.0.2.0 through 10.1.0.2.
6) Unspecified input is not properly sanitised in the "sys.dbms_metadata" package is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
7) Input passed to the AUTH_ALTER_SESSION attribute in a TNS authentication message is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation allows execution of arbitrary SQL queries with SYS user privileges.
The vulnerability has been reported in Oracle 8i (8.1.7.x.x), Oracle 9i (9.2.0.7), Oracle 10g Release 1 (10.1.0.4.2), and Oracle 10g Release 2 (10.2.0.1.0).
8) Some boundary errors exist in the GENERATESCHEMA and GENERATESCHEMAS public procedures in the DBMS_XMLSCHEMA and DBMS_XMLSCHEMA_INT PL/SQL packages. This can be exploited by malicious users to execute arbitrary code on the database server via overly long parameters passed to the procedures.
The vulnerability has been reported in Oracle Database Server version 9i Release 2 and 10g Release 1.
The following supported products are affected by one or more of the 82 vulnerabilities:
* Oracle Database 10g Release 2, version 10.2.0.1
* Oracle Database 10g Release 1, versions 10.1.0.3, 10.1.0.4, 10.1.0.5
* Oracle9i Database Release 2, versions 9.2.0.6, 9.2.0.7
* Oracle8i Database Release 3, version 8.1.7.4
* Oracle Enterprise Manager 10g Grid Control, versions 10.1.0.3, 10.1.0.4
* Oracle Application Server 10g Release 2, versions 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1.0
* Oracle Application Server 10g Release 1 (9.0.4), versions 9.0.4.1, 9.0.4.2
* Oracle Collaboration Suite 10g Release 1, versions 10.1.1, 10.1.2
* Oracle9i Collaboration Suite Release 2, version 9.0.4.2
* Oracle E-Business Suite Release 11i, versions 11.5.1 through 11.5.10 CU2
* Oracle E-Business Suite Release 11.0
* PeopleSoft Enterprise Portal, versions 8.4, 8.8, 8.9
* JD Edwards EnterpriseOne Tools, OneWorld Tools, versions 8.95.F1, SP23_L1
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution: Apply patches (see vendor advisory).
Provided and/or discovered by: 1-6) Alexander Kornbrust, Red Database Security.
7) Amichai Shulman
8) Esteban Martínez Fayo, Argeniss.
Changelog: 2006-01-19: Updated link in "Original Advisory". Added link to US-CERT vulnerability note.
2006-01-20: Added CVE references. Updated "Description" section.
2006-01-23: Added links to US-CERT vulnerability notes.
2006-01-26: Added links to US-CERT vulnerability notes.
2006-01-27: Added information from Argeniss.
2006-02-09: Added CVE references.
2006-04-26: Added details about additional vulnerability.
2006-08-07: Added CVE reference.
Original Advisory: Oracle:
http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Red Database Security:
http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
http://www.red-database-security.com/advisory/oracle_tde_wallet_password.html
http://www.red-database-security.com/advisory/oracle_tde_unencrypted_sga.html
http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft.html
http://www.red-database-security.com/...oracle_sql_injection_kupv$ft_int.html
http://www.red-database-security.com/...racle_reports_overwrite_any_file.html
http://www.red-database-security.com/...oracle_reports_read_any_xml_file.html
http://www.red-database-security.com/...acle_sql_injection_dbms_metadata.html
Imperva:
http://www.imperva.com/application_de...nter/papers/oracle-dbms-01172006.html
Argeniss:
http://www.argeniss.com/research/ARGENISS-ADV-010601.txt
Other References: SA16092:
http://secunia.com/advisories/16092/
US-CERT VU#150332:
http://www.kb.cert.org/vuls/id/150332
US-CERT VU#545804:
http://www.kb.cert.org/vuls/id/545804
US-CERT VU#870172:
http://www.kb.cert.org/vuls/id/870172
US-CERT VU#871756:
http://www.kb.cert.org/vuls/id/871756
US-CERT VU#891644:
http://www.kb.cert.org/vuls/id/891644
US-CERT VU#983340:
http://www.kb.cert.org/vuls/id/983340
US-CERT VU#999268:
http://www.kb.cert.org/vuls/id/999268
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
53 Related Secunia Security Advisories, displaying 10
|
|
|
1. Oracle Products Multiple Vulnerabilities
|
|
2. Oracle Application Server Portal Authentication Bypass
|
|
3. Oracle Products Multiple Vulnerabilities
|
|
4. Oracle Products Multiple Vulnerabilities
|
|
5. Oracle Database PITRIG_DROPMETADATA Buffer Overflow Vulnerability
|
|
6. Oracle Products Multiple Vulnerabilities
|
|
7. Oracle Products Multiple Vulnerabilities
|
|
8. Oracle Rapid Install Cross-Site Scripting Vulnerability
|
|
9. Oracle Products Multiple Vulnerabilities
|
|
10. Oracle Application Server DMS Cross-Site Scripting Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|

|
 |
Secunia PSI Scan | Patch | Track Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|