Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to gain escalated privileges, disclose potentially sensitive information, conduct SQL injection attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and cause a DoS (Denial of Service).

1) An unspecified error in the Oracle Warehouse Builder component can be exploited by authenticated users to potentially execute arbitrary code.

Successful exploitation of this vulnerability requires Dimensional Data Modeling privileges.

2) An error in handling the "P_CUBE_NAME" argument of the "OWBREPOS_OWNER.WB_OLAP_AW_SET_SOLVE_ID" procedure can be exploited to execute SQL commands as the OWBREPOS_OWNER user.

This vulnerability can be exploited to gain SYSDBA user privileges.

3) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data.

For more information see vulnerability #1:
SA37291

4) An error exists in the Application Service Level Management component and can be exploited by authenticated users to conduct SQL injection attacks.

For more information see vulnerability #1:
SA44228

5) An error in the Network Foundation component when handling certain packets can be exploited to cause a high CPU consumption by sending specially crafted packets.

Successful exploitation requires that the SID or Service Name of the database is known.

6) An error exists in the Oracle Help component and can be exploited to conduct cross-site scripting attacks.

For more information see vulnerability #2:
SA44246

7) An unspecified error in the UIX component can be exploited to manipulate certain data.

8) An unspecified error in the Database Vault component can be exploited by authenticated users to disclose and manipulate certain data.

The vulnerabilities are reported in the following products:
* Oracle Database 11g Release 2 versions 11.2.0.1, and 11.2.0.2.
* Oracle Database 11g Release 1 version 11.1.0.7.
* Oracle Database 10g Release 2 versions 10.2.0.3, 10.2.0.4, and 10.2.0.5.
* Oracle Database 10g Release 1 version 10.1.0.5.

Solution
Apply updates (please see the vendor's advisory for details).

Provided and/or discovered by
2) Alexandr Polyakov, Digital Security Research Group.
4, 5, 6) Esteban Martinez Fayo, Application Security Inc.

Another vulnerability has been reported by Alexandr Polyakov, Digital Security Research Group.

It is currently unclear who reported the remaining vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.

Changelog
Further details available to Secunia VIM customers

Original Advisory
Oracle:
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixDB

Application Security Inc:
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0046.html
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0047.html
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0048.html

Digital Security Research Group (DSECRG-11-020, DSECRG-11-021, DSECRG-11-022):
http://dsecrg.com/pages/vul/show.php?id=320
http://dsecrg.com/pages/vul/show.php?id=321
http://dsecrg.com/pages/vul/show.php?id=322

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers