|
|
>> Oracle Products Multiple Unspecified Vulnerabilities (July 2005)
|
Title : Oracle Products Multiple Unspecified Vulnerabilities (July 2005)
VUPEN ID : VUPEN/ADV-2005-1074
CVE ID : GENERIC-MAP-NOMATCH
CWE ID : CWE-
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-07-12
|
Multiple vulnerabilities were reported in Oracle products, which may be exploited by remote or local attackers to cause a denial of service, execute arbitrary commands and conduct SQL Injection attacks. These flaws are due to unspecified errors in Oracle Express Server, Oracle OLAP, XML Database, iSQL*Plus, Oracle HTTP Server, Oracle Forms, Oracle JDeveloper, Oracle Reports Developer, Oracle JInitiator, Email Server, and Oracle Web Conferencing.
Affected Products
Oracle Database 10g Release 1 version 10.1.0.2
Oracle Database 10g Release 1 version 10.1.0.3
Oracle Database 10g Release 1 version 10.1.0.4
Oracle9i Database Server Release 2 version 9.2.0.5
Oracle9i Database Server Release 2 version 9.2.0.6
Oracle9i Database Server Release 1 version 9.0.1.4
Oracle9i Database Server Release 1 version 9.0.1.5
Oracle9i Database Server Release 1 version 9.0.1.5 FIPS
Oracle8i Database Server Release 3 version 8.1.7.4
Oracle8 Database Release 8.0.6 version 8.0.6.3
Oracle Enterprise Manager Grid Control 10g version 10.1.0.2
Oracle Enterprise Manager Grid Control 10g version 10.1.0.3
Oracle Enterprise Manager 10g Database Control version 10.1.0.2
Oracle Enterprise Manager 10g Database Control version 10.1.0.3
Oracle Enterprise Manager 10g Database Control version 10.1.0.4
Oracle Enterprise Manager Application Server Control version 9.0.4.0
Oracle Enterprise Manager Application Server Control version 9.0.4.1
Oracle Application Server 10g (9.0.4) version 9.0.4.0
Oracle Application Server 10g (9.0.4) version 9.0.4.1
Oracle9i Application Server Release 2 version 9.0.2.3
Oracle9i Application Server Release 2 version 9.0.3.1
Oracle9i Application Server Release 1, version 1.0.2.2
Oracle Collaboration Suite Release 2 version 9.0.4.1
Oracle Collaboration Suite Release 2 version 9.0.4.2
Oracle E-Business Suite and Applications Release 11i version 11.5.1 through 11.5.10
Oracle E-Business Suite and Applications Release 11.0
Oracle Workflow version 11.5.1 through 11.5.9.5
Oracle Forms and Reports version 4.5.10.22
Oracle Forms and Reports version 6.0.8.25
Oracle JInitiator version 1.1.8
Oracle JInitiator version 1.3.1
Oracle Developer Suite version 9.0.2.3
Oracle Developer Suite version 9.0.4
Oracle Developer Suite version 9.0.4.1
Oracle Developer Suite version 9.0.5
Oracle Developer Suite version 10.1.2
Oracle Express Server version 6.3.4.0
Solution
Apply patches :
http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
References
http://www.vupen.com/english/advisories/2005/1074
http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html
http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html
http://www.red-database-security.com/advisory/oracle_formsbuilder_temp_file_issue.html
http://www.red-database-security.com/advisory/oracle_forms_unsecure_temp_file_handling.html
Credits
Vulnerabilities reported by Gerhard Eschelbeck, Esteban Martínez Fayó, Alexander Kornbrust, Stephen Kost, David Litchfield, Michael Murray, Aaron C. Newman, and Mike Sues.
ChangeLog
2005-07-12 : Initial release
2005-07-12 : Updated References
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
