• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Oracle Database Multiple Vulnerabilities

Oracle Database 10g, Oracle9i Database Server, Oracle8i Database Server, Oracle8 Database, Oracle Collaboration Suite, Oracle Application Server, and Oracle E-Business Suite are reported prone to multiple vulnerabilities.

Oracle has released a Critical Patch Update to address these issues in various supported applications. The following specific issues were identified:

- A networking component of Oracle8 Database is affected by a vulnerability.

- The LOB Access component of Oracle8i Database Server is reported prone to an information disclosure vulnerability.

- The Spatial component of Oracle8i Database Server is reported prone to a vulnerability.

- The UTL_FILE component of Oracle9i Database Server Release 2 is reported prone to a vulnerability.

- A Diagnostic component of Oracle8i Database Server is reported prone to a vulnerability.

- The XDB component of Oracle Database 10g and Oracle9i Database Server Release 2 is reported prone to multiple vulnerabilities.

- The Dataguard component of Oracle Database 10g is reported prone to a vulnerability.

- The Log Miner component of Oracle9i Database Server Release 2 is reported prone to a vulnerability.

- The OLAP component of Oracle9i Database Server Release 2 is reported prone to a vulnerability.

- The Data Mining component of Oracle Database 10g is reported prone to a vulnerability.

- The Advanced Queuing component of Oracle Database 10g is reported prone to a vulnerability.

- The Change Data Capture component of Oracle Database 10g is reported prone to multiple vulnerabilities.

- The Database Core component of Oracle Database 10g is reported prone to a vulnerability.

- The OHS component of Oracle Database 10g is reported prone to a vulnerability.

- The Report Server component of Oracle Application Server is reported prone to a vulnerability.

- The Forms component of Oracle Application Server is reported prone to a vulnerability.

- The mod_plsql component of Oracle Application Server is reported prone to a vulnerability.

- The Calendar component of Oracle Collaboration Suite is reported prone to a vulnerability.

- The Oracle E-Business Suite is reported prone to multiple vulnerabilities.

The Oracle advisory only addresses those products that are supported. It is likely that earlier versions of the releases may also be affected. This Critical Patch Update also includes Oracle Security Alert #68 fixes that are specified in BID 10871 (Oracle Multiple Unspecified Vulnerabilities), BID 11120 (Oracle Database 9i SQL Command Buffer Overflow Vulnerability), BID 11099 (Oracle Database Server ctxsys.driload Access Validation Vulnerability), BID 11100 (Oracle Database Server dbms_system.ksdwrt Remote Buffer Overflow Vulnerability), and BID 11091 (Oracle 10g Database DBMS_SCHEDULER Remote Command Execution Vulnerability).

It is possible that other BIDs such as BID 12296 (Oracle Database Multiple Unspecified Vulnerabilities) are related to these vulnerabilities as well.

This BID will be divided and updated into separate BIDs when more information is available.