BID:51410

RETIRED: Oracle January 2012 Critical Patch Update Multiple Vulnerabilities

Info

RETIRED: Oracle January 2012 Critical Patch Update Multiple Vulnerabilities

Bugtraq ID:	51410
Class:	Unknown
CVE:
Remote:	Yes
Local:	Yes
Published:	Jan 13 2012 12:00AM
Updated:	Jan 18 2012 06:20PM
Credit:	Oracle
Vulnerable:	Sun Ray Server Software 3.1.1 Sun Ray Server Software 2.0 Sun Ray Server Software 1.3 Sun Ray Server Software 1.2 Sun Ray Server Software 4.2 Sun Ray Server Software 4.1 Sun Ray Server Software 4.0 Sun Ray Server Software 3.5 Sun Ray Server Software 3.1 Sun Ray Server Software 3.0 Sun Ray 5.3 Sun OpenSSO Enterprise 8.0 Sun OpenSSO Enterprise 0 Sun OpenSolaris build snv_99 Sun OpenSolaris build snv_98 Sun OpenSolaris build snv_96 Sun OpenSolaris build snv_95 Sun OpenSolaris build snv_94 Sun OpenSolaris build snv_93 Sun OpenSolaris build snv_92 Sun OpenSolaris build snv_91 Sun OpenSolaris build snv_90 Sun OpenSolaris build snv_89 Sun OpenSolaris build snv_88 Sun OpenSolaris build snv_87 Sun OpenSolaris build snv_86 Sun OpenSolaris build snv_85 Sun OpenSolaris build snv_84 Sun OpenSolaris build snv_83 Sun OpenSolaris build snv_82 Sun OpenSolaris build snv_81 Sun OpenSolaris build snv_80 Sun OpenSolaris build snv_78 Sun OpenSolaris build snv_77 Sun OpenSolaris build snv_76 Sun OpenSolaris build snv_74 Sun OpenSolaris build snv_71 Sun OpenSolaris build snv_68 Sun OpenSolaris build snv_67 Sun OpenSolaris build snv_64 Sun OpenSolaris build snv_61 Sun OpenSolaris build snv_59 Sun OpenSolaris build snv_58 Sun OpenSolaris build snv_57 Sun OpenSolaris build snv_56 Sun OpenSolaris build snv_54 Sun OpenSolaris build snv_51 Sun OpenSolaris build snv_50 Sun OpenSolaris build snv_49 Sun OpenSolaris build snv_48 Sun OpenSolaris build snv_47 Sun OpenSolaris build snv_45 Sun OpenSolaris build snv_41 Sun OpenSolaris build snv_39 Sun OpenSolaris build snv_38 Sun OpenSolaris build snv_37 Sun OpenSolaris build snv_36 Sun OpenSolaris build snv_35 Sun OpenSolaris build snv_29 Sun OpenSolaris build snv_28 Sun OpenSolaris build snv_22 Sun OpenSolaris build snv_19 Sun OpenSolaris build snv_151a Sun OpenSolaris build snv_151a Sun OpenSolaris build snv_151 Sun OpenSolaris build snv_137 Sun OpenSolaris build snv_136 Sun OpenSolaris build snv_135 Sun OpenSolaris build snv_134a Sun OpenSolaris build snv_134 Sun OpenSolaris build snv_133 Sun OpenSolaris build snv_132 Sun OpenSolaris build snv_131 Sun OpenSolaris build snv_130 Sun OpenSolaris build snv_13 Sun OpenSolaris build snv_129 Sun OpenSolaris build snv_128 Sun OpenSolaris build snv_127 Sun OpenSolaris build snv_126 Sun OpenSolaris build snv_125 Sun OpenSolaris build snv_124 Sun OpenSolaris build snv_123 Sun OpenSolaris build snv_122 Sun OpenSolaris build snv_121 Sun OpenSolaris build snv_120 Sun OpenSolaris build snv_119 Sun OpenSolaris build snv_118 Sun OpenSolaris build snv_117 Sun OpenSolaris build snv_116 Sun OpenSolaris build snv_115 Sun OpenSolaris build snv_114 Sun OpenSolaris build snv_113 Sun OpenSolaris build snv_112 Sun OpenSolaris build snv_111a Sun OpenSolaris build snv_111 Sun OpenSolaris build snv_110 Sun OpenSolaris build snv_109 Sun OpenSolaris build snv_108 Sun OpenSolaris build snv_107 Sun OpenSolaris build snv_106 Sun OpenSolaris build snv_105 Sun OpenSolaris build snv_104 Sun OpenSolaris build snv_103 Sun OpenSolaris build snv_102 Sun OpenSolaris build snv_101a Sun OpenSolaris build snv_101 Sun OpenSolaris build snv_100 Sun OpenSolaris build snv_02 Sun OpenSolaris build snv_01 Sun OpenSolaris Build Snv 111B Oracle Weblogic Server 10.3.3 Oracle Weblogic Server 10.3.2 Oracle Weblogic Server 10.3.1 Oracle Weblogic Server 10.3.4 Oracle Weblogic Server 10.3 Oracle Weblogic Server 10.1 Oracle Weblogic Server 10 Oracle Weblogic Portal 9.2 Oracle Weblogic Portal 10.3 Oracle VM VirtualBox 4.1 Oracle Virtual Desktop Infrastructure 3.2 Oracle Transportation Manager 6.2 Oracle Transportation Manager 6.1 Oracle Transportation Manager 6.0 Oracle Transportation Manager 5.5.06.00 Oracle Siebel CRM Core and Apps 8.1.1 Oracle PeopleSoft Enterprise PeopleTools 8.52 Oracle PeopleSoft Enterprise HRMS 9.1 Oracle PeopleSoft Enterprise HRMS 9.0 Oracle PeopleSoft Enterprise HRMS 8.9 Oracle Outside In 8.3.7 Oracle Outside In 8.3.5.0 Oracle Oracle11g Enterprise Edition 11.2.0.2.0 Oracle Oracle10g Standard Edition 10.2 .5 Oracle Oracle10g Standard Edition 10.2 .3 Oracle Oracle10g Standard Edition 10.2 .2 Oracle Oracle10g Standard Edition 10.1 .5 Oracle Oracle10g Personal Edition 10.2 .5 Oracle Oracle10g Personal Edition 10.2 .3 Oracle Oracle10g Personal Edition 10.2 .2 Oracle Oracle10g Personal Edition 10.2 .1 Oracle Oracle10g Enterprise Edition 11.2.0.2 Oracle Oracle Identity Management 10g 10.1.4 .3.0 Oracle Oracle Identity Management 10g 10.1.4 .0.1 Oracle JDEdwards 8.98 Oracle Fusion Middleware 11.1.1.5.0 Oracle Fusion Middleware 11.1.1.4.0 Oracle Fusion Middleware 11.1.1.3.0 Oracle Enterprise Manager 11.1.0.1 Oracle Enterprise Manager 10.2.0.5 Oracle Enterprise Linux 5 Oracle E-Business Suite 12 12.1.2 Oracle E-Business Suite 12 12.0.6 Oracle E-Business Suite 12 12.1.3 Oracle CRM 8.9 Oracle CRM 8.0.0 Oracle Business Intelligence Enterprise Edition 11.1.1.5 Oracle Business Intelligence Enterprise Edition 11.1.1.3 Oracle Application Server 10.1.3.5.0 MySQL AB MySQL 5.5 -ms2 MySQL AB MySQL 5.5 MySQL AB MySQL 5.1.52 MySQL AB MySQL 5.1.51 MySQL AB MySQL 5.1.50 MySQL AB MySQL 5.1.49 MySQL AB MySQL 5.1.48 MySQL AB MySQL 5.1.47 MySQL AB MySQL 5.1.46 MySQL AB MySQL 5.1.45 MySQL AB MySQL 5.1.44 MySQL AB MySQL 5.1.43 MySQL AB MySQL 5.1.42 MySQL AB MySQL 5.1.42 MySQL AB MySQL 5.1.41 MySQL AB MySQL 5.1.39 MySQL AB MySQL 5.1.38 MySQL AB MySQL 5.1.37 MySQL AB MySQL 5.1.36 MySQL AB MySQL 5.1.35 MySQL AB MySQL 5.1.34 MySQL AB MySQL 5.1.33 MySQL AB MySQL 5.1.32 MySQL AB MySQL 5.1.31 MySQL AB MySQL 5.1.30 MySQL AB MySQL 5.1.26 MySQL AB MySQL 5.1.23 MySQL AB MySQL 5.1.22 MySQL AB MySQL 5.1.21 MySQL AB MySQL 5.1.20 MySQL AB MySQL 5.1.18 MySQL AB MySQL 5.1.17 MySQL AB MySQL 5.1.16 MySQL AB MySQL 5.1.15 MySQL AB MySQL 5.1.14 MySQL AB MySQL 5.1.13 MySQL AB MySQL 5.1.12 MySQL AB MySQL 5.1.11 MySQL AB MySQL 5.1.10 MySQL AB MySQL 5.1.9 MySQL AB MySQL 5.1.8 MySQL AB MySQL 5.1.6 MySQL AB MySQL 5.1.5 MySQL AB MySQL 5.1.4 MySQL AB MySQL 5.1.3 MySQL AB MySQL 5.1.2 MySQL AB MySQL 5.1.1 8 MySQL AB MySQL 5.0.88 MySQL AB MySQL 5.0.75 MySQL AB MySQL 5.0.66 MySQL AB MySQL 5.0.63 MySQL AB MySQL 5.0.60 MySQL AB MySQL 5.0.52 MySQL AB MySQL 5.0.51 MySQL AB MySQL 5.0.50 MySQL AB MySQL 5.0.49 MySQL AB MySQL 5.0.48 MySQL AB MySQL 5.0.47 MySQL AB MySQL 5.0.46 MySQL AB MySQL 5.0.45 MySQL AB MySQL 5.0.44 MySQL AB MySQL 5.0.42 MySQL AB MySQL 5.0.40 MySQL AB MySQL 5.0.39 MySQL AB MySQL 5.0.38 MySQL AB MySQL 5.0.37 MySQL AB MySQL 5.0.36 MySQL AB MySQL 5.0.33 MySQL AB MySQL 5.0.32 MySQL AB MySQL 5.0.27 MySQL AB MySQL 5.0.26 MySQL AB MySQL 5.0.24 MySQL AB MySQL 5.0.22 -1-0.1 MySQL AB MySQL 5.0.22 MySQL AB MySQL 5.0.21 MySQL AB MySQL 5.0.20 MySQL AB MySQL 5.0.19 MySQL AB MySQL 5.0.18 MySQL AB MySQL 5.0.16 MySQL AB MySQL 5.0.15 MySQL AB MySQL 5.0.14 MySQL AB MySQL 5.0.13 MySQL AB MySQL 5.0.12 MySQL AB MySQL 5.0.11 MySQL AB MySQL 5.0.10 MySQL AB MySQL 5.0.9 MySQL AB MySQL 5.0.8 MySQL AB MySQL 5.0.7 MySQL AB MySQL 5.0.6 MySQL AB MySQL 5.0.5 MySQL AB MySQL 5.0.4 MySQL AB MySQL 5.0.3 MySQL AB MySQL 5.0.2 MySQL AB MySQL 5.0.1 MySQL AB MySQL 5.0 .0-alpha MySQL AB MySQL 5.0 .0-0 MySQL AB MySQL 5.0 MySQL AB MySQL 5.6 MySQL AB MySQL 5.1.5A MySQL AB MySQL 5.1.46 Sp1 MySQL AB MySQL 5.1.43 Sp1 MySQL AB MySQL 5.1.40 Sp1 MySQL AB MySQL 5.1.40 MySQL AB MySQL 5.1.37 Sp1 MySQL AB MySQL 5.1.34 Sp1 MySQL AB MySQL 5.1.32-Bzr MySQL AB MySQL 5.1.31 Sp1 MySQL AB MySQL 5.1.29 MySQL AB MySQL 5.1.28 MySQL AB MySQL 5.1.27 MySQL AB MySQL 5.1.25 MySQL AB MySQL 5.1.24 MySQL AB MySQL 5.1.23A MySQL AB MySQL 5.1.23 Bk MySQL AB MySQL 5.1.23 A MySQL AB MySQL 5.1.19 MySQL AB MySQL 5.1 MySQL AB MySQL 5.0.77 MySQL AB MySQL 5.0.51a MySQL AB MySQL 5.0.4A MySQL AB MySQL 5.0.41 MySQL AB MySQL 5.0.3A MySQL AB MySQL 5.0.3 Beta MySQL AB MySQL 5.0.20A MySQL AB MySQL 5.0.1A MySQL AB MySQL 5.0.17A MySQL AB MySQL 5.0.17 MySQL AB MySQL 5.0.16A MySQL AB MySQL 5.0.15A MySQL AB MySQL 5.0.10A

Not Vulnerable:

Discussion

RETIRED: Oracle January 2012 Critical Patch Update Multiple Vulnerabilities

Oracle has released advance notification regarding the January 2012 Critical Patch Update (CPU) to be released on January 17, 2012. The update addresses 78 vulnerabilities affecting the following software:

Oracle Database Server
Oracle Fusion Middleware
Oracle E-Business Suite
Oracle Supply Chain
Oracle PeopleSoft
Oracle JD Edwards Products
Oracle Sun
Oracle Virtualization
Oracle MySQL

Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system.

This BID is being retired. The following individual records exist to better document the issues:

49303 Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
50992 JasPer Multiple Remote Heap Buffer Overflow Vulnerabilities
51194 Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
51451 Oracle Fusion Middleware CVE-2012-0083 Remote Oracle WebCenter Content Vulnerability
51452 Oracle Outside In CVE-2012-0110 Local Security Vulnerability
51453 Oracle Database Server CVE-2012-0082 Core RDBMS Remote Vulnerability
51454 Oracle Fusion Middleware CVE-2012-0084 Remote Oracle WebCenter Content Vulnerability
51455 Oracle JD Edwards CVE-2011-2324 Remote JD Edwards EnterpriseOne Tools Vulnerability
51456 Oracle JD Edwards CVE-2011-2317 Remote JD Edwards EnterpriseOne Tools Vulnerability
51457 Oracle Fusion Middleware CVE-2012-0085 Remote Security Vulnerability
51458 Oracle Database Server CVE-2012-0072 Listener Remote Vulnerability
51459 Oracle JDEdwards CVE-2011-3509 Remote Security Vulnerability
51460 Oracle Fusion Middleware CVE-2012-0077 Remote Oracle WebLogic Server Vulnerability
51461 Oracle VM VirtualBox CVE-2012-0105 Local Vulnerability
51462 Oracle Fusion Middleware CVE-2011-3569 Remote Security Vulnerability
51463 Oracle Web Services Manager CVE-2011-3568 Remote Oracle Web Services Manager Vulnerability
51464 Oracle JDEdwards CVE-2011-3514 Remote Security Vulnerability
51465 Oracle VM VirtualBox CVE-2012-0111 Local Vulnerability
51466 Oracle PeopleSoft CVE-2012-0080 PeopleSoft Enterprise HCM Remote Vulnerability
51467 Oracle Virtual Desktop Infrastructure (VDI) CVE-2011-3571 Remote Vulnerability
51468 Oracle JDEdwards CVE-2011-3524 Remote Security Vulnerability
51469 Oracle Weblogic Server CVE-2011-3566 Remote Security Vulnerability
51471 Oracle Web Services Manager CVE-2011-3531 Remote Oracle Web Services Manager Vulnerability
51472 Oracle PeopleSoft CVE-2012-0074 Remote PeopleSoft Enterprise CRM Vulnerability
51473 Oracle E-Business Suite CVE-2012-0073 Remote Oracle Forms Vulnerability
51474 Oracle PeopleSoft Enterprise HCM CVE-2012-0076 Remote PeopleSoft Enterprise HCM Vulnerability
51475 Oracle Sun Solaris CVE-2012-0100 Local Security Vulnerability
51476 Oracle Sun Solaris CVE-2012-0094 Remote Security Vulnerability
51477 Oracle E-Business Suite CVE-2012-0078 Remote Oracle Application Object Library Vulnerability
51478 Oracle JDEdwards CVE-2011-2321 Remote Security Vulnerability
51479 Oracle PeopleSoft Enterprise HCM CVE-2012-0089 Remote PeopleSoft Enterprise HCM Vulnerability
51480 Oracle PeopleSoft CVE-2012-0088 PeopleSoft Enterprise HCM Remote Vulnerability
51481 Oracle PeopleSoft Enterprise PeopleTools CVE-2012-0091 Remote PeopleSoft Enterprise PeopleTools Vuln
51482 Oracle JDEdwards CVE-2011-2326 Remote Security Vulnerability
51483 Oracle E-Business Suite CVE-2011-2271 Remote Oracle Application Object Library Vulnerability
51484 Oracle GlassFish Enterprise Server CVE-2012-0104 Remote Vulnerability
51485 Oracle GlassFish Enterprise Server CVE-2012-0081 Local GlassFish Enterprise Server Vulnerability
51486 Oracle JDEdwards CVE-2011-2325 Remote Security Vulnerability
51487 Oracle Solaris CVE-2012-0109 Local Solaris Vulnerability
51488 Oracle MySQL CVE-2012-0113 Remote MySQL Server Vulnerability
51489 Oracle Communications Unified CVE-2011-3574 Local Oracle Communications Unified Vulnerability
51490 Oracle Solaris CVE-2012-0096 Remote Vulnerability
51491 Oracle Communications Unified CVE-2011-3565 Local Security Vulnerability
51492 Oracle OpenSSO CVE-2012-0079 Remote Security Vulnerability
51493 Oracle MySQL CVE-2011-2262 Remote MySQL Server Vulnerability
51494 Oracle Solaris CVE-2012-0103 Local Solaris Vulnerability
51495 Oracle Communications Unified CVE-2011-3570 Local Security Vulnerability
51496 Oracle Communications Unified CVE-2011-3573 Remote Security Vulnerability
51497 Oracle GlassFish Enterprise Server CVE-2011-3564 Local Security Vulnerability
51498 Oracle Solaris CVE-2012-0097 Local Solaris Vulnerability
51499 Oracle Solaris CVE-2012-0098 Local Solaris Vulnerability
51500 Oracle Sun Solaris CVE-2012-0099 Remote Security Vulnerability
51502 Oracle MySQL Server CVE-2012-0102 Remote Security Vulnerability
51503 Oracle MySQL Server CVE-2012-0487 Remote MySQL Server Vulnerability
51504 Oracle MySQL CVE-2012-0115 Remote Vulnerability
51505 Oracle MySQL Server CVE-2012-0101 Remote Security Vulnerability
51506 Oracle MySQL Server CVE-2012-0488 Remote MySQL Server Vulnerability
51507 Oracle MySQL Server CVE-2012-0496 Remote Security Vulnerability
51508 Oracle MySQL CVE-2012-0116 Remote MySQL Server Vulnerability
51509 Oracle MySQL Server CVE-2012-0087 Remote Security Vulnerability
51510 Oracle MySQL Server CVE-2012-0489 Remote MySQL Server Vulnerability
51511 Oracle MySQL CVE-2012-0118 Remote MySQL Server Vulnerability
51512 Oracle MySQL CVE-2012-0119 Remote Vulnerability
51513 Oracle MySQL Server CVE-2012-0485 Remote Security Vulnerability
51514 Oracle MySQL Server CVE-2012-0486 Remote Security Vulnerability
51515 Oracle MySQL Server CVE-2012-0484 Remote Security Vulnerability
51516 Oracle MySQL Server CVE-2012-0492 Remote MySQL Server Vulnerability
51517 Oracle MySQL CVE-2012-0120 Remote Vulnerability
51518 Oracle MySQL Server CVE-2012-0491 Remote Security Vulnerability
51519 Oracle MySQL Server CVE-2012-0112 Remote MySQL Server Vulnerability
51520 Oracle MySQL Server CVE-2012-0114 Local Security Vulnerability
51521 Oracle MySQL Server CVE-2012-0117 Remote MySQL Server Vulnerability
51522 Oracle MySQL Server CVE-2012-0495 Remote Security Vulnerability
51523 Oracle MySQL Server CVE-2012-0494 Local Security Vulnerability
51524 Oracle MySQL Server CVE-2012-0490 Remote Security Vulnerability
51525 Oracle MySQL CVE-2012-0493 Remote Vulnerability
51526 Oracle MySQL CVE-2012-0075 Remote MySQL Server Vulnerability

Exploit / POC

RETIRED: Oracle January 2012 Critical Patch Update Multiple Vulnerabilities

Some of these issues may not require specific exploit code and may be trivial to exploit.

Solution / Fix

Oracle January 2012 Critical Patch Update Multiple Vulnerabilities

Solution:
The vendor plans to release updates to address these issues on January 17, 2012. Please see the references for more information.

References

RETIRED: Oracle January 2012 Critical Patch Update Multiple Vulnerabilities

References:

Oracle Homepage (Oracle)
Oracle Critical Patch Update Pre-Release Announcement - January 2012 (Oracle)