Oracle9i Lite Multiple Unspecified Vulnerabilities
BID:9704
Info
Oracle9i Lite Multiple Unspecified Vulnerabilities
| Bugtraq ID: | 9704 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 20 2004 12:00AM |
| Updated: | Feb 20 2004 12:00AM |
| Credit: | These vulnerabilities were discovered by Alexander Kornbrust <[email protected]>. |
| Vulnerable: |
Oracle Oracle9i Lite 5.0 .2.9.0 Oracle Oracle9i Lite 5.0 .2.0.0 Oracle Oracle9i Lite 5.0 .1.0.0 Oracle Oracle9i Lite 5.0 .0.0.0 |
| Not Vulnerable: | |
Discussion
Oracle9i Lite Multiple Unspecified Vulnerabilities
It has been reported that Oracle9i Lite is prone to multiple unspecified vulnerabilities that may allow an attacker to gain unauthorized access to a connected Oracle database server if Oracle9i Lite Mobile Server is installed.
Due to a lack of information, further details cannot be outlined at the moment. This BID will be updated as more information becomes available.
Oracle9i Lite versions 5.0.0.0.0 to 5.0.2.9.0 have been reported to be vulnerable to these issues. Users running EBusiness 11i with Mobile Field Service Laptop and Pocket PC using the Oracle9i Lite Mobile Server are also reported to be vulnerable.
It has been reported that Oracle9i Lite is prone to multiple unspecified vulnerabilities that may allow an attacker to gain unauthorized access to a connected Oracle database server if Oracle9i Lite Mobile Server is installed.
Due to a lack of information, further details cannot be outlined at the moment. This BID will be updated as more information becomes available.
Oracle9i Lite versions 5.0.0.0.0 to 5.0.2.9.0 have been reported to be vulnerable to these issues. Users running EBusiness 11i with Mobile Field Service Laptop and Pocket PC using the Oracle9i Lite Mobile Server are also reported to be vulnerable.
Exploit / POC
Oracle9i Lite Multiple Unspecified Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Oracle9i Lite Multiple Unspecified Vulnerabilities
Solution:
Oracle has released patches for Oracle9i Lite versions 5.0.0.0.0, 5.0.1.0.0, and 5.0.2.0.0, however, customers running versions 5.0.0.0.0 and 5.0.1.0.0 must upgrade to 5.0.2.0.0 before applying the patches. Patches can be obtained from the referenced Metalink site.
Solution:
Oracle has released patches for Oracle9i Lite versions 5.0.0.0.0, 5.0.1.0.0, and 5.0.2.0.0, however, customers running versions 5.0.0.0.0 and 5.0.1.0.0 must upgrade to 5.0.2.0.0 before applying the patches. Patches can be obtained from the referenced Metalink site.
References
Oracle9i Lite Multiple Unspecified Vulnerabilities
References:
References:
- Oracle Support Metalink (Oracle)
- Security Vulnerabilities in Oracle9i Lite (Oracle)