Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > January 2005 > Oracle Products - Details of 23 recently identified vulnerabilities

January 2005

Oracle Products - Details of 23 recently identified vulnerabilities

ID: 00042
Ref: 38/05
Date: 19 January 2005:13:49:11
Version: 1
Title: Oracle Products - Details of 23 recently identified vulnerabilities
Abstract: 23 vulnerabilities have been reported in various Oracle products.
Oracle Products - 23 Vulnerabilities

SECUNIA ADVISORY ID:
SA13862

VERIFY ADVISORY:
http://secunia.com/advisories/13862/

CRITICAL:
Moderately critical

IMPACT:
Unknown, Manipulation of data, Exposure of sensitive information, Privilege
escalation, DoS

WHERE:
- From remote

SOFTWARE:
Oracle9i Database Standard Edition http://secunia.com/product/358/
Oracle9i Database Enterprise Edition http://secunia.com/product/359/
Oracle9i Application Server http://secunia.com/product/443/
Oracle8i Database http://secunia.com/product/360/
Oracle E-Business Suite 11i http://secunia.com/product/442/
Oracle Database Server 10g http://secunia.com/product/3387/
Oracle Collaboration Suite Release 2 http://secunia.com/product/2451/
Oracle Applications 11i http://secunia.com/product/1916/
Oracle Application Server 10g http://secunia.com/product/3190/

DESCRIPTION:
23 vulnerabilities have been reported in various Oracle products. Some have an unknown
impact and others can be exploited to disclose sensitive information, gain escalated
privileges, conduct PL/SQL injection attacks, manipulate information, or cause a DoS
(Denial of Service).

1) A boundary error in the Networking component can be exploited by malicious database
users to crash the database via a specially crafted connect string.

Successful exploitation requires permissions to create database links.

2) An unspecified error in the LOB Access component can be exploited to disclose sensitive
information.

Successful exploitation requires permissions to read on a database directory object.

3) An unspecified error in the Spatial component can potentially be exploited to disclose
information, manipulate data, or cause a DoS.

Successful exploitation requires execute permissions on the mdsys.md2 package.

4) An unspecified error in the UTL_FILE component can potentially be exploited to
manipulate information.

Successful exploitation requires permissions to read on a database directory object.

5) An unspecified error in the Diagnostic component can potentially be exploited to
disclose information, manipulate data, or cause a DoS.

6) An unspecified error in the XDB component can potentially be exploited to disclose
or manipulate information.

Successful exploitation requires execute permissions on the xdb.dbms_xdb packages.

7+8) Two unspecified errors in the XDB component can potentially be
exploited to disclose or manipulate information.

Successful exploitation requires execute permissions on the xdb.dbms_xdbz0 package.

9) An unspecified error in the Dataguard component can potentially be exploited to
disclose or manipulate information.

Successful exploitation requires execute permissions on the exfsys.dbms_expfil package.

10) An unspecified error in the Log Miner component can potentially be exploited to
disclose or manipulate information.

Successful exploitation requires execute permissions on the dbms_logmnr package.

11) An unspecified error in the OLAP component can potentially be exploited to disclose
or manipulate information.

Successful exploitation requires execute permissions on the olapsys package.

12) An unspecified error in the Data Mining component can potentially be exploited to
disclose or manipulate information.

Successful exploitation requires execute permissions on the dmsys.dmp_sys package.

13) An unspecified error in the Advanced Queuing component can potentially be exploited
to disclose or manipulate information.

Successful exploitation requires execute permissions on the dbms_transform_eximp package.

14) An unspecified error in the Change Data Capture component can potentially be exploited
to disclose or manipulate information.

Successful exploitation requires execute permissions on the dbms_cdc_dputil package.

15) An unspecified error in the Change Data Capture component can potentially be exploited
to disclose or manipulate information.

Successful exploitation requires execute permissions on the dbms_cdc_impdp package.

16) An unspecified error in the Database Core component can be exploited to disclose or
manipulate information.

17) An unspecified error in the OHS component can potentially be exploited to disclose
or manipulate information.

Successful exploitation requires execute permissions on the owa_opt_lock package.

18) An unspecified error in the Report Server component can be exploited to disclose
or manipulate information.

19) An unspecified error in the Forms component can be exploited to cause a DoS
(Denial of Service).

20) An unspecified error in the mod_plsql component can potentially be exploited to
disclose or manipulate information.

Successful exploitation requires execute permissions on the owa_opt_lock package.

21) An unspecified error in the Calendar component can potentially be exploited to
disclose information, manipulate data, or cause a DoS by viewing a malicious image.

22) An unspecified error in Oracle E-Business Suite can potentially be exploited to
disclose or manipulate information.

Successful exploitation requires a valid session.

23) Another unspecified error in Oracle E-Business Suite can potentially also be
exploited to disclose or manipulate information.

The vulnerabilities affect the following versions:
* Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3 and 10.1.0.3.1
* Oracle9i Database Server Release 2, versions 9.2.0.4, 9.2.0.5 and 9.2.0.6
* Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 and 9.0.4 (9.0.1.5 FIPS)
* Oracle8i Database Server Release 3, version 8.1.7.4
* Oracle8 Database Release 8.0.6, version 8.0.6.3
* Oracle Application Server 10g Release 2 (10.1.2)
* Oracle Application Server 10g (9.0.4), versions 9.0.4.0 and 9.0.4.1
* Oracle9i Application Server Release 2, versions 9.0.2.3 and 9.0.3.1
* Oracle9i Application Server Release 1, version 1.0.2.2
* Oracle Collaboration Suite Release 2, version 9.0.4.2
* Oracle E-Business Suite and Applications Release 11i (11.5)
* Oracle E-Business Suite and Applications Release 11.0

SOLUTION:
Apply patches. http://metalink.oracle.com/metalink/plsql/showdoc?db=NOT&id=293953.1

PROVIDED AND/OR DISCOVERED BY:
The vendor credits the following people:
* Pete Finnigan
* Alexander Kornbrust, Red Database Security
* Stephen Kost, Integrigy
* David Litchfield, NGSSoftware

ORIGINAL ADVISORY:
Oracle: http://otn.oracle.com/deploy/security/pdf/cpu-jan-2005_advisory.pdf

NGSSoftware:
http://www.nextgenss.com/advisories/oracle-02.txt

Pete Finnigan: http://www.petefinnigan.com/directory_traversal.pdf

Red Database Security: http://www.red-database-security.com/content6.html

- ----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keeping
their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories. Secunia does not advise people
to install third party patches, only use those supplied by the vendor.

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |