|
Oracle Products Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA33525
|
|
|
Release Date:
|
2009-01-14
|
|
Last Update:
|
2009-02-03
|
|
Popularity:
|
6,717 views
|
|
|
Critical:
|
 Highly critical
|
|
Impact:
|
Unknown Cross Site Scripting Manipulation of data Exposure of system information Privilege escalation DoS System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | JD Edwards EnterpriseOne Tools 8.x JD Edwards OneWorld Tools 8.x Oracle Application Server 10g Oracle Collaboration Suite 10.x Oracle Database 10.x Oracle Database 11.x Oracle E-Business Suite 11i Oracle E-Business Suite 12.x Oracle Enterprise Manager 10.x Oracle PeopleSoft Enterprise Human Resource Management System 8.x Oracle PeopleSoft Enterprise Human Resource Management System 9.x Oracle Secure Backup 10.x Oracle Times-Ten In-Memory Database 7.x Oracle9i Database Enterprise Edition Oracle9i Database Standard Edition
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description: Some vulnerabilities have been reported in various Oracle products. Some have unknown impact while others can be exploited by malicious users to conduct SQL injection attacks, disclose system information, or manipulate certain data, and by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or to compromise a vulnerable system.
1) A vulnerability exists in Oracle Database due to an unspecified function allowing an authenticated user to create or rewrite arbitrary files with escalated privileges.
This vulnerability is reported in Oracle Database 10g R2 10.2.0.3.0 on 32-bit Linux and Windows platforms. Other versions may also be affected.
2) Input passed via a cookie in php/login.php in Oracle Corp.'s Secure Backup Administration Server is not properly sanitised before being used. This can be exploited to inject and execute arbitrary shell commands on an affected system.
3) Input passed via an unspecified parameter in php/common.php in Oracle Corp.'s Secure Backup Administration Server is not properly verified before being used. This can be exploited to inject and execute arbitrary shell commands on an affected system.
Vulnerabilities #2 and #3 are reported in Oracle Corp.'s Secure Backup version 10.2.0.2 for Linux and Secure Backup version 10.2.0.2 for Windows. Other versions may also be affected.
4) Input passed via an unspecified parameter in common.php in Oracle Corp.'s Secure Backup Administration Server is not properly sanitised before being used. This can be exploited to inject and execute arbitrary shell commands on an affected system.
This vulnerability is reported in Oracle Corp.'s Secure Backup version 10.1.0.3 for Linux. Other versions may also be affected.
5) Certain input is not properly sanitised before being used when executing the "MDSYS.SDO_TOPO_DROP_FTBL" trigger. This can be exploited manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation of this vulnerability allows performing certain actions as the MDSYS user, but requires "CREATE SESSION" privileges.
This vulnerability is reported in Oracle 10g R1 and R2 (10.1.0.5 and 10.2.0.2). Other versions may also be affected.
6) Input passed via the URL to BPELConsole/default/activities.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in context of an affected site.
This vulnerability is reported in Oracle Application Server (SOA) version 10.1.3.1.0. Other versions may also be affected.
7) A format string error in exists in Oracle TimesTen within the "evtdump" command when writing to an internal log file. This can potentially be exploited to execute arbitrary code via a specially crafted string passed via the "msg" parameter.
This vulnerability is reported in TimesTen prior to version 7.0.5.1.0.
8) Input passed via the "rbtool" parameter to login.php in Oracle Secure Backup Administration Server is not properly sanitised before being used in a call to "popen()" in "exec_qr()". This can be exploited to inject and execute arbitrary shell commands on an affected system.
This is related to vulnerability #1.
This vulnerability is reported in Oracle Secure Backup version 10.1.0.3 to 10.2.0.2.
9) A boundary error within "obndmp.exe" in Oracle Secure Backup when processing NDMP client authentication packets can be exploited to cause a buffer overflow and execute arbitrary code via a specially crafted packet sent to port 10000/TCP.
10 Three unspecified errors within "obndmp.exe" in Oracle Secure Backup when processing NDMP packets can be exploited to cause a DoS by sending specially crafted "connect open", "connect close", or "mover get state" packets to an affected system.
11) A null-pointer dereference error within "observiced.exe" in Oracle Secure Backup when processing private protocol data can be exploited to cause a crash by sending specially crafted data to port 400/TCP.
12) A security issue in Oracle E-Business Suite can be exploited by malicious users to disclose certain system information.
13) An unspecified error in the "ODCITABLESTART" procedure within the "SYS.OLAPIMPL_T" package in Oracle Database Server version 9iR2 can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
14) Input passed via the "TARGET" parameter in /em/console/reports/admin of the web application in Oracle Enterprise Manager 10g Grid Control is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
The vulnerabilities are reported in the following products and versions:
* Oracle Database 11g, version 11.1.0.6
* Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3, 10.2.0.4
* Oracle Database 10g, version 10.1.0.5
* Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
* Oracle Secure Backup version 10.2.0.2, 10.2.0.3
* Oracle Secure Backup version 10.1.0.1, 10.1.0.2, 10.1.0.3
* Oracle TimesTen In-Memory Database version 7.0.5.1.0, 7.0.5.2.0, 7.0.5.3.0, 7.0.5.4.0
* Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.3.0
* Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.2.0, 10.1.2.3.0
* Oracle Collaboration Suite 10g, version 10.1.2
* Oracle E-Business Suite Release 12, version 12.0.6
* Oracle E-Business Suite Release 11i, version 11.5.10.2
* Oracle Enterprise Manager Grid Control 10g Release 4, versions 10.2.0.4
* PeopleSoft Enterprise HRMS versions: 8.9 and 9.0
* JD Edwards Tools version 8.97
Change Page: [ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
22nd Dec, 2009
|
New advisories:
|
17 |
|
New vulnerabilities:
|
25 |
|
Updated advisories:
|
23 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Solutions | More...
|
|