Oracle Multiple Vulnerabilities
BID:13139
Info
| Bugtraq ID: | 13139 |
| Class: | Unknown |
| CVE: | CVE-2003-0460 CVE-2003-0542 CVE-2003-0851 CVE-2003-0987 CVE-2004-0079 CVE-2004-0081 CVE-2004-0174 CVE-2004-0488 CVE-2004-0492 CVE-2004-0885 CVE-2004-0940 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 12 2005 12:00AM |
| Updated: | May 05 2006 11:30PM |
| Credit: | The vendor reported these issues. |
Vulnerable:
- PeopleSoft OneWorld Xe/ERP8 Applications SP22
- PeopleSoft EnterpriseOne Applications 8.93
- PeopleSoft EnterpriseOne Applications 8.9 SP2
- Oracle Oracle9i Standard Edition 9.2 .6
- Oracle Oracle9i Standard Edition 9.2 .0.5
- Oracle Oracle9i Standard Edition 9.0.4
- Oracle Oracle9i Standard Edition 9.0.1 .5
- Oracle Oracle9i Standard Edition 9.0.1 .4
- Oracle Oracle9i Personal Edition 9.2 .6
- Oracle Oracle9i Personal Edition 9.2 .0.5
- Oracle Oracle9i Personal Edition 9.0.4
- Oracle Oracle9i Personal Edition 9.0.1 .5
- Oracle Oracle9i Personal Edition 9.0.1 .4
- Oracle Oracle9i Enterprise Edition 9.2 .6.0
- Oracle Oracle9i Enterprise Edition 9.2 .0.5
- Oracle Oracle9i Enterprise Edition 9.0.4
- Oracle Oracle9i Enterprise Edition 9.0.1 .5
- Oracle Oracle9i Enterprise Edition 9.0.1 .4
- Oracle Oracle9i Application Server 9.0.3 .1
- Oracle Oracle9i Application Server 9.0.2 .3
- Oracle Oracle9i Application Server 1.0.2 .2
- Oracle Oracle8i Standard Edition 8.1.7 .4
- Oracle Oracle8i Enterprise Edition 8.1.7 .4.0
- Oracle Oracle10g Standard Edition 10.1 .0.4
- Oracle Oracle10g Standard Edition 10.1 .0.3.1
- Oracle Oracle10g Standard Edition 10.1 .0.3
- Oracle Oracle10g Standard Edition 10.1 .0.2
- Oracle Oracle10g Personal Edition 10.1 .0.4
- Oracle Oracle10g Personal Edition 10.1 .0.3.1
- Oracle Oracle10g Personal Edition 10.1 .0.3
- Oracle Oracle10g Personal Edition 10.1 .0.2
- Oracle Oracle10g Enterprise Edition 10.1 .0.4
- Oracle Oracle10g Enterprise Edition 10.1 .0.3.1
- Oracle Oracle10g Enterprise Edition 10.1 .0.3
- Oracle Oracle10g Enterprise Edition 10.1 .0.2
- Oracle Oracle10g Application Server 10.1.2
- Oracle Oracle10g Application Server 10.1 .0.3.1
- Oracle Oracle10g Application Server 9.0.4 .1
- Oracle Oracle10g Application Server 9.0.4 .0
- Oracle Enterprise Manager Grid Control 10g 10.1 .3
- Oracle Enterprise Manager Grid Control 10g 10.1 .0.2
- Oracle Enterprise Manager 9.0.4 .1
- Oracle Enterprise Manager 9.0.4 .0
- Oracle E-Business Suite 11i 11.5.10
- Oracle E-Business Suite 11i 11.5.9
- Oracle E-Business Suite 11i 11.5.8
- Oracle E-Business Suite 11i 11.5.7
- Oracle E-Business Suite 11i 11.5.6
- Oracle E-Business Suite 11i 11.5.5
- Oracle E-Business Suite 11i 11.5.4
- Oracle E-Business Suite 11i 11.5.3
- Oracle E-Business Suite 11i 11.5.2
- Oracle E-Business Suite 11i 11.5.1
- Oracle E-Business Suite 11i 11.5
- Oracle E-Business Suite 11.0
- Oracle Collaboration Suite Release 2 9.0.4 .2
- Oracle Collaboration Suite Release 2 9.0.4 .1
| Not Vulnerable: | |
Discussion
Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities.
Oracle has released a Critical Patch Update to address these issues in various supported applications and platforms. Other non-supported versions may be affected, but Symantec has not confirmed this.
The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization.
This BID will be divided and updated into separate BIDs when more information is available.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Solution:
Oracle has released a Critical Patch Update (Critical Patch Update - April 2005) to address these issues. Information on obtaining and applying the appropriate patch can be found in the Oracle Critical Patch Update listed in the references.
Pre-Installation Notes for Oracle Database Server can be found at the following location:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=301045.1
Pre-Installation Notes for Oracle Application Server can be found at the following location:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=301046.1
Pre-Installation Notes for Oracle Collaboration Suite can be found at the following location:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=301047.1
Pre-Installation Notes for Oracle E-Business and Applications can be found at the following location:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=301048.1
Pre-Installation Notes for Oracle Enterprise Manager Grid Control can be found at the following location:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=301049.1
References
References:
- Critical Patch Update - April 2005 (Oracle)
- Oracle Homepage (Oracle)
- Oracle PeopleSoft Applications - PeopleSoft Advisory (Oracle)
- Multiple High Risk flaws fixed in Oracle ("NGSSoftware Insight Security Research")