Oracle produkter flere sårbarheder - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Oracle produkter flere sårbarheder

Secunia Advisory:	SA28518
Udsendt:	2008-01-16
Sidste Opdt.:	2008-02-04

Kritisk:	Meget kritisk
Betydning:	Ukendt Sikkerhedsomgåelse Manipulation af data DoS Systemadgang
Hvor:	Fra Internet
Løsning Status:	Producent Patch

Software:	Oracle Application Server 10g Oracle Collaboration Suite 10.x Oracle Database 10.x Oracle E-Business Suite 11i Oracle E-Business Suite 12.x Oracle PeopleSoft Enterprise Tools 8.x Oracle9i Database Enterprise Edition Oracle9i Database Standard Edition

CVE reference:	CVE-2008-0339 (Secunia mirror) CVE-2008-0340 (Secunia mirror) CVE-2008-0342 (Secunia mirror) CVE-2008-0344 (Secunia mirror) CVE-2008-0345 (Secunia mirror) CVE-2008-0346 (Secunia mirror) CVE-2008-0347 (Secunia mirror) CVE-2008-0348 (Secunia mirror) CVE-2008-0349 (Secunia mirror) CVE-2008-0341 (Secunia mirror) CVE-2008-0343 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Beskrivelse: Der er rapporteret flere sårbarheder i forskellige Oracle-produkter, hvor nogle har ukendt betydning og andre kan udnyttes til at udføre SQL-indsættelsesangreb, udføre et DoS (Denial of Service) eller potentielt kompromittere et sårbart system. 1) To ikke-kontrollerede buffere i procedurene "XDB.XDB_PITRIG_PKG.PITRIG_TRUNCATE" og "XDB.XDB_PITRIG_PKG.PITRIG_DROP" kan udnyttes til at forårsage buffer overflows via lange argumenter. 2) Input suppleret via det første argument til procedurene "XDB.XDB_PITRIG_PKG.PITRIG_TRUNCATE" og "XDB.XDB_PITRIG_PKG.PITRIG_DROP" filtreres ikke korrekt, før det benyttes i SQL-forespørgsler. Dette kan udnyttes til at manipulere en SQL-forespørgsel ved at indsætte vilkårlig SQL-kode. 3) En fejl i implementationen af Ultra-Search modulet kan udnyttes til at omgå sikkerhedsbegrænsninger grundet uhensigtsmæssige høje rettigheder tildelt WKSYS-brugeren. De andre sårbarheder skyldes uspecificerede fejl. Yderligere information er ikke tilgængelig. Sårbarhederne er rettet i følgende produkter og versioner: • Oracle Database 11g, version 11.1.0.6 • Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3 • Oracle Database 10g, version 10.1.0.5 • Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV • Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.0.0, 10.1.3.1.0, 10.1.3.3.0 • Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0 • Oracle Application Server 10g (9.0.4), version 9.0.4.3 • Oracle Collaboration Suite 10g, version 10.1.2 • Oracle E-Business Suite Release 12, versions 12.0.0 - 12.0.3 • Oracle E-Business Suite Release 11i, versions 11.5.9 - 11.5.10 CU2 • Oracle PeopleSoft Enterprise PeopleTools versions 8.22, 8.48, 8.49 Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector. Løsning: Installér patches (se producentens advisory). Rapporteret af / Kredit: Producenten krediterer: * CERT/CC * Esteban Martinez Fayo of Application Security, Inc. * Pete Finnigan * Joxean Koret * Alexander Kornbrust of Red Database Security * Ali Kumcu of inTellectPro * David Litchfield of NGS Software * Mariano Nunez Di Croce of CYBSEC S.A. * Alexandr Polyakov of Digital Security Forløb: 30-01-2008: Tilføjede yderligere information. 04-02-2008: Tilføjede CVE-reference. Original Advisory: Oracle: http://www.oracle.com/technology/depl...ritical-patch-updates/cpujan2008.html Alexandr Polyakov: http://milw0rm.com/exploits/4994 http://milw0rm.com/exploits/4995 http://milw0rm.com/exploits/4997 Pete Finnigan: http://www.petefinnigan.com/Advisory_CPU_Jan_2008.htm



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

45 Relaterede Secunia Advisories, displaying 10

1. Oracle Database PITRIG_DROPMETADATA buffer overflow

2. Oracle produkter flere sårbarheder

3. Oracle produkter flere sårbarheder

4. Oracle Rapid Install cross-site scripting

5. Oracle produkter flere sårbarheder

6. Oracle Application Server DMS cross-site scripting

7. Oracle "PROCESS_DUP_HANDLE" rettighedseskalering

8. Oracle produkter flere sårbarheder

9. Oracle Portal HTTP flere sårbarheder

10. Oracle produkter flere sårbarheder

Vis alle relaterede advisories

Send Feedback to Secunia

Hvis du har ny information angående dette Secunia advisory eller et produkt i vores database, så send det venligst til os. Du kan sende det til os enten ved at bruge vores web formular eller ved at sende det til vuln@secunia.com. Ideer, foreslag og andet feedback er også meget velkommen.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	phpJobScheduler "installed_conf ig_file" File Inclusion Vulnerabilities

2.	phpMyRealty "price_max" SQL Injection Vulnerability

3.	Novell eDirectory Multiple Vulnerabilities

4.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

5.	Sun Solaris Kernel Covert Channel Security Bypass

6.	dotProject SQL Injection and Cross-Site Scripting

7.	Blogn Cross-Site Scripting and Cross-Site Request Forgery

8.	IBM WebSphere Application Server for z/OS HTTP Server mod_proxy_ftp Vulnerability

9.	Novell Forum TCL Command Injection Vulnerability

10.	Caudium "configvar" Insecure Temporary Files