Oracle Database Server ctxsys.driload Access Validation Vulnerability
Oracle has released an alert (#68) and a patch to address these issues. Information regarding obtaining and applying an appropriate patch can be found at the following location:
It should be noted that a valid subscription to the metalink service is required in order to view this document.
It is reported that software conflicts may arise when these patches are installed against binaries that have already had patches installed. Additionally, although Oracle 9i 9.2.x.x database server is supported, it is reported that customers may be required to update to versions 18.104.22.168/22.214.171.124 prior to applying these patches. This action might also be required for other releases and products. Customers are advised to contact the vendor for further information and support in regards to the installation of appropriate updates.
A message from "David Litchfield" <firstname.lastname@example.org> is available that states that some of the vulnerabilities in alert #68 may not have been successfully fixed by Oracle. Users of affected packages should refer to the referenced message, and contact their vendor for further information on the status of fixes.
A message from "NGSSoftware Insight Security Research" <email@example.com> (Oracle October 2005 CPU Problems) states that there is a flaw in the fix for the CTXSYS component of Oracle 126.96.36.199 on all platforms. Please see the referenced message for further details on this issue.