Oracle July 2008 Critical Patch Update Multiple Vulnerabilities
BID:30177
Info
| Bugtraq ID: | 30177 |
| Class: | Unknown |
| CVE: | CVE-2008-2576 CVE-2008-2577 CVE-2008-2578 CVE-2008-2579 CVE-2008-2580 CVE-2008-2581 CVE-2008-2582 CVE-2008-2583 CVE-2008-2586 CVE-2008-2587 CVE-2008-2589 CVE-2008-2590 CVE-2008-2591 CVE-2008-2592 CVE-2008-2593 CVE-2008-2594 CVE-2008-2595 CVE-2008-2596 CVE-2008-2597 CVE-2008-2598 CVE-2008-2599 CVE-2008-2600 CVE-2008-2601 CVE-2008-2602 CVE-2008-2603 CVE-2008-2604 CVE-2008-2605 CVE-2008-2606 CVE-2008-2607 CVE-2008-2608 CVE-2008-2609 CVE-2008-2610 CVE-2008-2611 CVE-2008-2612 CVE-2008-2613 CVE-2008-2614 CVE-2008-2615 CVE-2008-2616 CVE-2008-2617 CVE-2008-2618 CVE-2008-2620 CVE-2008-2621 CVE-2008-2622 CVE-2008-2576 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jul 10 2008 12:00AM |
| Updated: | Jul 06 2016 02:17PM |
| Credit: | Flavio Casetta of Yocoya, Esteban Martinez Fayo of Application Security, Inc., Johannes Greil of SEC Consult, guyp of Sentrigo, Joxean Koret, Alexander Kornbrust of Red Database Security, Stephen Kost of Integrigy, Dave Lewis, David Litchfield of NGS Softw |
| Vulnerable: | Oracle TimesTen In-Memory Database 7.0.3.0.0; Oracle PeopleSoft Enterprise PeopleTools 8.49.12; Oracle PeopleSoft Enterprise PeopleTools 8.48.18; Oracle PeopleSoft Enterprise Customer Relationship Manage 9.0; Oracle PeopleSoft Enterprise Customer Relationship Manage 8.9; Oracle Oracle9i Standard Edition 9.2 .8DV; Oracle Oracle9i Standard Edition 9.2 .8; Oracle Oracle9i Standard Edition 9.0.1 .5 FIPS; Oracle Oracle9i Personal Edition 9.2 .8DV; Oracle Oracle9i Personal Edition 9.2 .8; Oracle Oracle9i Personal Edition 9.0.1 .5 FIPS; Oracle Oracle9i Enterprise Edition 9.2 .8DV; Oracle Oracle9i Enterprise Edition 9.2 .8.0; Oracle Oracle9i Enterprise Edition 9.0.1 .5 FIPS; Oracle Oracle9i Application Server 1.0.2 .2; Oracle Oracle11g Standard Edition One 11.1 6; Oracle Oracle11g Standard Edition 11.1 6; Oracle Oracle11g Enterprise Edition 11.1 6; Oracle Oracle10g Standard Edition 10.2 .3; Oracle Oracle10g Standard Edition 10.2 .2; Oracle Oracle10g Standard Edition 10.1 .5; Oracle Oracle10g Standard Edition 10.2.0.4; Oracle Oracle10g Personal Edition 10.2 .3; Oracle Oracle10g Personal Edition 10.2 .2; Oracle Oracle10g Personal Edition 10.1 .5; Oracle Oracle10g Personal Edition 10.2.0.4; Oracle Oracle10g Enterprise Edition 10.2 .3; Oracle Oracle10g Enterprise Edition 10.2 .2; Oracle Oracle10g Enterprise Edition 10.1 .5; Oracle Oracle10g Enterprise Edition 10.2.0.4; Oracle Oracle10g Application Server 10.1.3 .3.0; Oracle Oracle10g Application Server 10.1.3 .1.0; Oracle Oracle10g Application Server 10.1.2; Oracle Oracle10g Application Server 9.0.4 3; Oracle Oracle10g Application Server 10.1.2.3.0; Oracle Hyperion Performance Suite 8.5.0.3; Oracle Hyperion Performance Suite 8.3.2.4; Oracle Hyperion BI Plus 9.3.1.0; Oracle Hyperion BI Plus 9.2.1.0; Oracle Hyperion BI Plus 9.2.0.3; Oracle Enterprise Manager Grid Control 10g 10.1 6; Oracle Enterprise Manager Grid Control 10g 10.1 .5; Oracle Enterprise Manager Database Control 11i 11.1.0.6; Oracle Enterprise Manager Database Control 10g 10.2.0.4; Oracle Enterprise Manager Database Control 10g 10.2.0.3; Oracle Enterprise Manager Database Control 10g 10.2.0.2; Oracle Enterprise Manager Database Control 10g 10.1.0.5; Oracle E-Business Suite 12 12.0.4; Oracle E-Business Suite 11i 11.5.10.2; HP Oracle for OpenView for Linux LTU Service Bureaus 0; HP Oracle for OpenView for Linux LTU 0; HP Oracle for OpenView 9.1.1; HP Oracle for OpenView 8.1.7; HP Oracle for OpenView 9.2; HP Oracle for OpenView 10gR2; HP Oracle for OpenView 10g; BEA Systems Weblogic Server 8.1 SP 6; BEA Systems Weblogic Server 8.1 SP 5; BEA Systems Weblogic Server 8.1 SP 4; BEA Systems Weblogic Server 8.1 SP 3; BEA Systems Weblogic Server 8.1 SP 2; BEA Systems Weblogic Server 8.1 SP 1; BEA Systems Weblogic Server 7.0 SP 7; BEA Systems Weblogic Server 7.0 SP 6; BEA Systems Weblogic Server 7.0 SP 5; BEA Systems Weblogic Server 7.0 SP 4; BEA Systems Weblogic Server 7.0 SP 3; BEA Systems Weblogic Server 7.0 SP 2; BEA Systems Weblogic Server 7.0 SP 1; BEA Systems Weblogic Server 6.1 SP 7; BEA Systems Weblogic Server 6.1 SP 5; BEA Systems Weblogic Server 6.1 SP 4; BEA Systems Weblogic Server 6.1 SP 3; BEA Systems Weblogic Server 6.1 SP 2; BEA Systems Weblogic Server 6.1 SP 1; BEA Systems Weblogic Server 6.1; BEA Systems Weblogic Server 9.2 Maintenance Pack; BEA Systems Weblogic Server 9.2; BEA Systems Weblogic Server 9.0; BEA Systems Weblogic Server 10.0 MP1; BEA Systems Weblogic Server 10.0 |
| Not Vulnerable: | |
Discussion
Oracle has released the July 2008 Critical Patch Update that addresses 44 new vulnerabilities affecting the following products:
- Oracle Database
- Oracle TimesTen In-Memory Database
- Oracle Application Server
- Oracle E-Business Suite and Application
- Oracle Enterprise Manager
- Oracle PeopleSoft Enterprise
- Oracle BEA Products
Exploit / POC
The following exploit code is available:
Solution / Fix
Solution:
Oracle has released CPUJuly2008 (Critical Patch Update July 2008) to address these issues. Contact the vendor for details on obtaining and applying the appropriate updates.
BEA Systems Weblogic Server 9.0
- BEA CR286943_CR239280_900rp.zip
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR286943_CR239280_900rp.zip
- BEA CR360676_900.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR360676_900.jar
- BEA uddiexplorer_90.zip
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/uddiexplorer_90.zip
BEA Systems Weblogic Server 7.0 SP 7
- BEA CR370311_700sp7.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR370311_700sp7.jar
- BEA uddiexplorer_70sp7.zip
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/uddiexplorer_70sp7.zip
References
References:
- Oracle Application Server PLSQL injection flaw (David Litchfield)
- Oracle Homepage (Oracle)
- iDefense Security Advisory 07.15.08: Oracle Database DBMS_AQELM Package Buffer O (iDefense Labs)
- iDefense Security Advisory 07.15.08: Oracle Database Local Untrusted Library Pat (iDefense Labs)
- iDefense Security Advisory 07.15.08: Oracle Internet Directory Pre-Authenticatio (iDefense Labs)
- Oracle Application Server PLSQL injection flaw (David Litchfield)
- Oracle Database Local Untrusted Library Path Vulnerability (Joxean Koret)
- Oracle Portal XSS fixed by CPU July 2008 (Andrea Purificato)
- Re: Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER (Team SHATTER)
- Team SHATTER Security Advisory: Cross-site scripting in Oracle Enterprise Manage (Team SHATTER)
- Team SHATTER Security Advisory: SQL Injection in Oracle Application Server (WWEX (Team SHATTER)
- Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS (Team SHATTER)
- HPSBMA02133 SSRT061201 rev.9 - HP Oracle for OpenView (OfO) Critical Patch Updat (HP)
- Oracle Critical Patch Update Advisory - July 2008 (Oracle)
- Oracle Database DBMS_AQELM Package Buffer Overflow Vulnerability (iDefense)
- Oracle Database Local Untrusted Library Path Vulnerability (iDefense)
- Oracle Internet Directory Pre-Authentication LDAP DoS Vulnerability (iDefense)
- Security Advisory (CVE-2008-2576) (Oracle)
- Security Advisory (CVE-2008-2577) (Oracle)
- Security Advisory (CVE-2008-2578) (Oracle)
- Security Advisory (CVE-2008-2579) (Oracle)
- Security Advisory (CVE-2008-2580) (Oracle)
- Security Advisory (CVE-2008-2581) (Oracle)
- Security Advisory (CVE-2008-2582) (Oracle)