Oracle Database Multiple Vulnerabilities

BID:12301

Info

Oracle Database Multiple Vulnerabilities

Bugtraq ID: 12301
Class: Unknown
CVE: CVE-2005-0298
Remote: Yes
Local: No
Published: Jan 18 2005 12:00AM
Updated: Jul 12 2009 10:06AM
Credit: Discovery is credited to Pete Finnigan, Alexander Kornbrust of Red Database Security, Stephen Kost of Integrigy, and David Litchfield of NGSS Limited.
Vulnerable: Oracle Oracle9i Standard Edition 9.2 .6
Oracle Oracle9i Standard Edition 9.2 .0.5
Oracle Oracle9i Standard Edition 9.0.4
Oracle Oracle9i Standard Edition 9.0.1 .5
Oracle Oracle9i Standard Edition 9.0.1 .4
Oracle Oracle9i Standard Edition 9.0 .2.4
Oracle Oracle9i Personal Edition 9.2 .6
Oracle Oracle9i Personal Edition 9.2 .0.5
Oracle Oracle9i Personal Edition 9.0.4
Oracle Oracle9i Personal Edition 9.0.1 .5
Oracle Oracle9i Personal Edition 9.0.1 .4
Oracle Oracle9i Personal Edition 9.0 .2.4
Oracle Oracle9i Enterprise Edition 9.2 .6.0
Oracle Oracle9i Enterprise Edition 9.2 .0.5
Oracle Oracle9i Enterprise Edition 9.0.4
Oracle Oracle9i Enterprise Edition 9.0.1 .5
Oracle Oracle9i Enterprise Edition 9.0.1 .4
Oracle Oracle9i Enterprise Edition 9.0 .2.4
Oracle Oracle9i Application Server 9.0.3 .1
Oracle Oracle9i Application Server 9.0.2 .3
Oracle Oracle9i Application Server 1.0.2 .2
Oracle Oracle8i Standard Edition 8.1.7 .4
Oracle Oracle8i Enterprise Edition 8.1.7 .4.0
Oracle Oracle8 8.0.6 .3
Oracle Oracle8 8.0.6
Oracle Oracle10g Standard Edition 10.1 .0.3
Oracle Oracle10g Standard Edition 10.1 .0.2
Oracle Oracle10g Personal Edition 10.1 .0.3
Oracle Oracle10g Personal Edition 10.1 .0.2
Oracle Oracle10g Enterprise Edition 10.1 .0.3
Oracle Oracle10g Enterprise Edition 10.1 .0.2
Oracle Oracle10g Application Server 10.1.2
Oracle Oracle10g Application Server 10.1 .0.3.1
Oracle Oracle10g Application Server 10.1 .0.3
Oracle Oracle10g Application Server 10.1 .0.2
Oracle Oracle10g Application Server 9.0.4 .1
Oracle Oracle10g Application Server 9.0.4 .0
Oracle E-Business Suite 11i 11.5
Oracle E-Business Suite 11.0
Oracle Collaboration Suite Release 2 9.0.4 .2
Oracle Applications 11i 11.5
Oracle Applications 11.0
Not Vulnerable:

Discussion

Oracle Database Multiple Vulnerabilities

Oracle Database 10g, Oracle9i Database Server, Oracle8i Database Server, Oracle8 Database, Oracle Collaboration Suite, Oracle Application Server, and Oracle E-Business Suite are reported prone to multiple vulnerabilities.

Oracle has released a Critical Patch Update to address these issues in various supported applications. The following specific issues were identified:

- A networking component of Oracle8 Database is affected by a vulnerability.

- The LOB Access component of Oracle8i Database Server is reported prone to an information disclosure vulnerability.

- The Spatial component of Oracle8i Database Server is reported prone to a vulnerability.

- The UTL_FILE component of Oracle9i Database Server Release 2 is reported prone to a vulnerability.

- A Diagnostic component of Oracle8i Database Server is reported prone to a vulnerability.

- The XDB component of Oracle Database 10g and Oracle9i Database Server Release 2 is reported prone to multiple vulnerabilities.

- The Dataguard component of Oracle Database 10g is reported prone to a vulnerability.

- The Log Miner component of Oracle9i Database Server Release 2 is reported prone to a vulnerability.

- The OLAP component of Oracle9i Database Server Release 2 is reported prone to a vulnerability.

- The Data Mining component of Oracle Database 10g is reported prone to a vulnerability.

- The Advanced Queuing component of Oracle Database 10g is reported prone to a vulnerability.

- The Change Data Capture component of Oracle Database 10g is reported prone to multiple vulnerabilities.

- The Database Core component of Oracle Database 10g is reported prone to a vulnerability.

- The OHS component of Oracle Database 10g is reported prone to a vulnerability.

- The Report Server component of Oracle Application Server is reported prone to a vulnerability.

- The Forms component of Oracle Application Server is reported prone to a vulnerability.

- The mod_plsql component of Oracle Application Server is reported prone to a vulnerability.

- The Calendar component of Oracle Collaboration Suite is reported prone to a vulnerability.

- The Oracle E-Business Suite is reported prone to multiple vulnerabilities.

The Oracle advisory only addresses those products that are supported. It is likely that earlier versions of the releases may also be affected. This Critical Patch Update also includes Oracle Security Alert #68 fixes that are specified in BID 10871 (Oracle Multiple Unspecified Vulnerabilities), BID 11120 (Oracle Database 9i SQL Command Buffer Overflow Vulnerability), BID 11099 (Oracle Database Server ctxsys.driload Access Validation Vulnerability), BID 11100 (Oracle Database Server dbms_system.ksdwrt Remote Buffer Overflow Vulnerability), and BID 11091 (Oracle 10g Database DBMS_SCHEDULER Remote Command Execution Vulnerability).

It is possible that other BIDs such as BID 12296 (Oracle Database Multiple Unspecified Vulnerabilities) are related to these vulnerabilities as well.

This BID will be divided and updated into separate BIDs when more information is available.

Exploit / POC

Oracle Database Multiple Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Oracle Database Multiple Vulnerabilities

Solution:
Oracle has released a Critical Patch Update to address these issues. Information regarding obtaining and applying an appropriate patch can be found in the Oracle Critical Patch Update in references.

Information about Oracle Database Patch Availability can be found at the following location:

http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=293737.1

Information about Application Server Patch Availability can be found at the following location:

http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=293738.1

Information about Oracle Collaboration Suite Patch Availability can be found at the following location:

http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=293740.1

Information about Oracle E-Business Patch Availability can be found at the following location:

http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=293741.1

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report