Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to gain escalated privileges, disclose potentially sensitive information, conduct SQL injection attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and cause a DoS (Denial of Service).
1) An unspecified error in the Oracle Warehouse Builder component can be exploited by authenticated users to potentially execute arbitrary code.
Successful exploitation of this vulnerability requires Dimensional Data Modeling privileges.
2) An error in handling the "P_CUBE_NAME" argument of the "OWBREPOS_OWNER.WB_OLAP_AW_SET_SOLVE_ID" procedure can be exploited to execute SQL commands as the OWBREPOS_OWNER user.
This vulnerability can be exploited to gain SYSDBA user privileges.
3) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data.
For more information see vulnerability #1: SA37291
4) An error exists in the Application Service Level Management component and can be exploited by authenticated users to conduct SQL injection attacks.
For more information see vulnerability #1: SA44228
5) An error in the Network Foundation component when handling certain packets can be exploited to cause a high CPU consumption by sending specially crafted packets.
Successful exploitation requires that the SID or Service Name of the database is known.
6) An error exists in the Oracle Help component and can be exploited to conduct cross-site scripting attacks.
For more information see vulnerability #2: SA44246
7) An unspecified error in the UIX component can be exploited to manipulate certain data.
8) An unspecified error in the Database Vault component can be exploited by authenticated users to disclose and manipulate certain data.
The vulnerabilities are reported in the following products:
* Oracle Database 11g Release 2 versions 220.127.116.11, and 18.104.22.168.
* Oracle Database 11g Release 1 version 22.214.171.124.
* Oracle Database 10g Release 2 versions 10.2.0.3, 10.2.0.4, and 10.2.0.5.
* Oracle Database 10g Release 1 version 10.1.0.5.
Solution: Apply updates (please see the vendor's advisory for details).
Provided and/or discovered by: 2) Alexandr Polyakov, Digital Security Research Group.
4, 5, 6) Esteban Martinez Fayo, Application Security Inc.
Another vulnerability has been reported by Alexandr Polyakov, Digital Security Research Group.
It is currently unclear who reported the remaining vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.
Original Advisory: Oracle:
Digital Security Research Group (DSECRG-11-020, DSECRG-11-021, DSECRG-11-022):
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Oracle Database Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.