RETIRED: Oracle April 2010 Critical Patch Update Multiple Vulnerabilities

BID:39333

Info

Bugtraq ID: 39333
Class: Unknown
CVE:
Remote: Yes
Local: Yes
Published: Apr 08 2010 12:00AM
Updated: Apr 15 2010 01:04AM
Credit: Oracle
Vulnerable: Sun Solaris 9_x86
Sun Solaris 9_sparc
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 10_x86
Sun Solaris 10_sparc
Sun Ray Server Software 3.1.1
Sun Ray Server Software 2.0
Sun Ray Server Software 1.3
- Sun Solaris 9
- Sun Solaris 8_sparc
Sun Ray Server Software 1.2
Sun Ray Server Software 4.2
Sun Ray Server Software 4.1
Sun Ray Server Software 4.0
Sun Ray Server Software 3.5
Sun Ray Server Software 3.1
Sun Ray Server Software 3.0
Sun Management Center 3.6.1
Sun Management Center 4.0
Sun Management Center 3.6
Sun Java System Directory Server Enterprise Edition 6.3.1
Sun Java System Directory Server Enterprise Edition 7.0
Sun Java System Directory Server Enterprise Edition 6.3
Sun Java System Directory Server Enterprise Edition 6.2
Sun Java System Directory Server Enterprise Edition 6.1
Sun Java System Directory Server Enterprise Edition 6.0
Sun Java System Directory Server Enterprise Edition 5
Sun Java System Directory Server 5.2 Patch6
Sun Java System Directory Server 5.2 Patch4
Sun Java System Directory Server 5.2 Patch3
Sun Java System Directory Server 5.2 Patch2
Sun Java System Directory Server 5.2 2005Q4
Sun Java System Directory Server 5.2 2005Q1
Sun Java System Directory Server 5.2 2004Q2
Sun Java System Directory Server 5.2 2003Q4
Sun Java System Directory Server 5.2
Sun Java System Directory Server 5.0 2004Q2
Sun Java System Communications Express 6.3
Sun Java System Communications Express 2005Q4
Sun Java System Communications Express 2005Q1
Sun Java System Communications Express 2004Q2
Sun Java System Communications Express 0
Sun Java System Access Manager 7.1 Windows
Sun Java System Access Manager 7.1 Solaris x86
Sun Java System Access Manager 7.1 Solaris SPARC
Sun Java System Access Manager 7.1 Linux
Sun Java System Access Manager 7.1 HP-UX
Sun Java System Access Manager 7.0 2005Q4 Windows
Sun Java System Access Manager 7.0 2005Q4 Solaris x
Sun Java System Access Manager 7.0 2005Q4 Solaris S
Sun Java System Access Manager 7.0 2005Q4 Linux
Sun Java System Access Manager 7.0 2005Q4 HP-UX
Sun Java System Access Manager 6.3 2005Q1 x86
Sun Java System Access Manager 6.3 2005Q1 SPARC
Sun Java System Access Manager 6.3 2005Q1 Linux
Sun Java System Access Manager 6.2 2004Q2 Solaris x
Sun Java System Access Manager 6.2 2004Q2 Solaris S
Sun Java System Access Manager 6.2 2004Q2 Linux
Sun Java System Access Manager 6.2
Sun Java System Access Manager 6.1
Sun Java System Access Manager 6 2005Q1 Windows
Sun Java System Access Manager 6 2005Q1 Solaris x86
Sun Java System Access Manager 6 2005Q1 Solaris SPA
Sun Java System Access Manager 6 2005Q1 Linux
Sun Java System Access Manager 6 2005Q1 2005Q1
Sun Convergence 0
Sun Cluster 3.1
Sun Cluster 3.0
Sun Cluster 2.2
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
Sun Cluster 2.1
- Sun Solaris 2.5.1
- Sun Solaris 2.6
Sun Cluster 3.2
Sun Cluster 3.1 9/04
Sun Cluster 3.1 4/04
Oracle Transportation Manager 6.0.3
Oracle Transportation Manager 5.5.06.00
Oracle Transportation Manager 5.5.05.07
Oracle Thesaurus Management System 4.6.1
Oracle Thesaurus Management System 4.5.2
Oracle Thesaurus Management System 4.6
Oracle Retail Plan In-Season 12.2
Oracle Retail Place In-Season 12.2
Oracle Retail Markdown Optimization 13.1
Oracle PeopleSoft Enterprise PeopleTools 8.49.23
Oracle PeopleSoft Enterprise PeopleTools 8.49.21
Oracle PeopleSoft Enterprise PeopleTools 8.49.14
Oracle PeopleSoft Enterprise PeopleTools 8.49.12
Oracle PeopleSoft Enterprise PeopleTools 8.49.9
Oracle PeopleSoft Enterprise PeopleTools 8.50
Oracle PeopleSoft Enterprise PeopleTools 8.49
Oracle Oracle9i Standard Edition 9.2 .8DV
Oracle Oracle9i Standard Edition 9.2 .8
Oracle Oracle9i Personal Edition 9.2 .8DV
Oracle Oracle9i Enterprise Edition 9.2 .8DV
Oracle Oracle9i Enterprise Edition 9.2 .8.0
Oracle Oracle11g Standard Edition 11.1 .7
Oracle Oracle11g Standard Edition 11.2.0.1.0
Oracle Oracle11g Enterprise Edition 11.2.0.1.0
Oracle Oracle11g Enterprise Edition 11.1.0.7
Oracle Oracle10g Standard Edition 10.2 .3
Oracle Oracle10g Standard Edition 10.1 .0.5
Oracle Oracle10g Standard Edition 10.2.0.4
Oracle Oracle10g Personal Edition 10.2 .3
Oracle Oracle10g Personal Edition 10.1 .5
Oracle Oracle10g Personal Edition 10.2.0.4
Oracle Oracle10g Enterprise Edition 10.2 .3
Oracle Oracle10g Enterprise Edition 10.1 .5
Oracle Oracle10g Enterprise Edition 10.2.0.4
Oracle Oracle Identity Management 10g 10.1.4 .3.0
Oracle Oracle Identity Management 10g 10.1.4 .0.1
Oracle E-Business Suite 12 12.1.2
Oracle E-Business Suite 12 12.1.1
Oracle E-Business Suite 12 12.0.5
Oracle E-Business Suite 12 12.0.4
Oracle E-Business Suite 11i 11.5.10
Oracle E-Business Suite 11i 11.5.10.2
Oracle E-Business Suite 12.0.6
Oracle Communications Unified Inventory Management 7.1
Oracle Collaboration Suite Release 10.1.2 .4
Oracle Clinical Remote Data Capture Option 4.5.3
Oracle Clinical Remote Data Capture Option 4.6
Oracle Application Server 10.1.2.3
Oracle Agile Engineering Data Management 6.1.1.0
Not Vulnerable:

Discussion

Oracle has released advance notification regarding the April 2010 critical patch update to be released on April 13, 2010. The update addresses 47 vulnerabilities affecting the following software:

Oracle Database
Oracle Fusion Middleware
Oracle Collaboration Suite
Oracle E-Business Suite
Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
Oracle Industry Suite
Oracle Solaris Products

The following individual records exist to better document these issues:

39453 Oracle Sun Java System Directory Server CVE-2010-0897 Multiple Remote Vulnerabilities
39459 Oracle Solaris CVE-2010-0890 Local Vulnerability
39462 Oracle Sun Management Center CVE-2010-0891 Remote Vulnerability
39456 Oracle OpenSolaris CVE-2010-0889 Local Information Disclosure Vulnerability
39461 Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability
39464 Oracle Cluster CVE-2010-0884 Unspecified Local Vulnerability
39460 Oracle Cluster CVE-2010-0883 Unspecified Local Vulnerability
39457 Oracle Java System Access Manager CVE-2010-0894 Remote Vulnerability
39458 Oracle Sun Convergence CVE-2010-0896 Remote Address Book/Mail Filter Vulnerability
39448 Oracle Industry Products Suite CVE-2010-0864 Remote Retail Place In-Season Vulnerability
39455 Oracle Solaris CVE-2010-0895 Unspecified Local Vulnerability
39454 Oracle Industry Product Suite CVE-2010-0863 Oracle Retail Plan In-Season Vulnerability
39451 Oracle Industry Applications CVE-2010-0875 Remote Thesaurus Management System Vulnerability
39452 Oracle E-Business Suite CVE-2010-0859 Remote Oracle Application Object Library Vulnerability
39450 Oracle Communications Industry Suite CVE-2010-0874 Remote Vulnerability
39444 Oracle Industry Product Suite CVE-2010-0862 Remote Vulnerability
39445 Oracle Life Sciences Industry Suite CVE-2010-0876 Remote Vulnerability
39446 Oracle Convergence CVE-2010-0893 Unspecified Remote Vulnerability
39447 Oracle Collaboration Suite CVE-2010-0881 Remote User Interface Components Vulnerability
39443 Oracle Fusion Middleware CVE-2010-0872 Remote Oracle Internet Directory Vulnerability
39437 Oracle Fusion Middleware CVE-2010-0855 Remote Portal Vulnerability
39442 Oracle Fusion Middleware CVE-2010-0856 Remote Portal Vulnerability
39441 PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2010-0879 Remote PeopleTools Vulnerability
39440 Oracle Solaris CVE-2010-0882 Local Trusted Extensions Vulnerability
39439 Oracle Database CVE-2010-0860 Remote Core RDBMS Vulnerability
39432 Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2010-0878 PeopleTools Vulnerability
39421 Oracle Database CVE-2010-0852 Remote XML DB Vulnerability
39438 Oracle Transportation Manager CVE-2010-0869 Oracle Transportation Management Remote Vulnerability
39429 Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2010-0877 PeopleTools Vulnerability
39434 Oracle Database CVE-2010-0851 Remote XML DB Vulnerability
39428 Oracle Database CVE-2010-0854 Remote Audit Vulnerability
39424 Oracle Database CVE-2010-0866 Remote JavaVM Vulnerability
39436 Oracle E-Business Suite CVE-2010-0858 Remote E-Business Intelligence Vulnerability
39422 Oracle Database CVE-2010-0870 Remote Change Data Capture Vulnerability
39435 Oracle E-Business Suite CVE-2010-0871 Oracle Application Object Library Remote Vulnerability
39427 Oracle Database CVE-2010-0867 Remote JavaVM Vulnerability
39433 Oracle Fusion Middleware CVE-2010-0086 Remote Portal Vulnerability
39425 Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2010-0880 PeopleTools Vulnerability
39430 Oracle E-Business Suite CVE-2010-0865 Oracle Agile Engineering Data Management Remote Vulnerability
39423 Oracle E-Business Suite CVE-2010-0868 Oracle iStore Remote Vulnerability
39431 Oracle E-Business Suite CVE-2010-0857 Remote Oracle Workflow Cartridge Vulnerability
39426 Oracle E-Business Suite CVE-2010-0861 Oracle HRMS (Self Service) Remote Vulnerability
37926 Oracle WebLogic Server Node Manager 'beasvc.exe' Remote Command Execution Vulnerability
39418 Oracle Fusion Middleware CVE-2010-0853 Oracle Internet Directory Remote Vulnerability
39420 Oracle Sun Ray Server Software CVE-2010-0888 Remote Device Services Vulnerability
35891 Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
34961 Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
38016 Sun Solaris 'CODE_GET_VERSION IOCTL' Local Denial Of Service Vulnerability

Exploit / POC

Some of these issues may not require specific exploit code and may be trivial to exploit.

Solution / Fix

Solution:
The vendor plans to release updates to address these issues on April 13, 2010.
