J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1537
    posted: 11/06/09
  • NSM Daily Update #1537
    posted: 11/06/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1537
    posted: 11/06/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/06/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/05/09

Title: Oracle Multiple Unspecified Vulnerabilities

Severity: CRITICAL

Description:

Reportedly, multiple unspecified Oracle products contain multiple unspecified vulnerabilities.

The reported vulnerabilities include SQL-injection issues, buffer-overflow issues, and others.

Reportedly, a subset of the issues described in this BID and resolved in the Oracle patch include buffer-overflow issues, PL/SQL-injection issues, trigger-abuse issues, character-set-conversion bugs, and denial-of-service vulnerabilities. These issues are a set of vulnerabilities found by NGSSoftware and other researchers. NGSSoftware has stated that more details will be released at the end of November regarding the issues they discovered. Please see the referenced message for more information.

The following buffer-overflow vulnerabilities were also reported:

- Buffer overflow in public procedure DROP_SITE_INSTANTIATION ofDBMS_REPCAT_INSTANTIATE package

- Buffer overflow in public function INSTANTIATE_OFFLINE of
DBMS_REPCAT_INSTANTIATE package

- Buffer overflow in public function INSTANTIATE_ONLINE of
DBMS_REPCAT_INSTANTIATE package

- Buffer overflow on 'gname' parameter on procedures of Replication
Management API Packages

- Buffer overflow on 'sname' and 'oname' parameters on procedures of
DBMS_REPCAT package

- Buffer overflow on 'type' parameter on procedures of DBMS_REPCAT
package

- Buffer overflow on 'gowner' parameter on procedures of the
DBMS_REPCAT package

- Buffer overflow on 'operation' parameter on procedures of
DBMS_REPCAT package

- Buffer overflow in procedure CREATE_MVIEW_REPGROUP of DBMS_REPCAT
package

- Buffer overflow in procedure GENERATE_REPLICATION_SUPPORT of
DBMS_REPCAT package

- Buffer overflow in procedures REGISTER_USER_REPGROUP and
UNREGISTER_USER_REPGROUP of DBMS_REPCAT_ADMIN package

- Buffer overflow in functions INSTANTIATE_OFFLINE,
INSTANTIATE_ONLINE, and procedure DROP_SITE_INSTANTIATION of
DBMS_REPCAT_RGT package

- Buffer overflow on TEMPFILE parameter

- Buffer overflow on LOGFILE parameter

- Buffer overflow on CONTROLFILE parameter

- Buffer overflow on FILE parameter

- Buffer overflow in Interval Conversion Functions

- Buffer overflow in String Conversion Function

- Buffer overflow in CTX_OUTPUT Package Function

- Buffer overflow on DATAFILE parameter

- Buffer overflow in DBMS_SYSTEM package function

- Buffer overflow on 'fname' parameter of the DBMS_REPCAT* packages

- Buffer overflow on procedures of the Replication Management API
packages

- Heap based buffer overflow Vulnerability in Oracle 10g iSQL*PLus
Service

- Buffer overflow in procedure AQ_TABLE_DEFN_UPDATE of
DBMS_AQ_IMPORT_INTERNAL package

- Buffer overflow in procedure VERIFY_QUEUE_TYPES_GET_NRP of
DBMS_AQADM package

- Buffer overflow in procedure VERIFY_QUEUE_TYPES_NO_QUEUE of
DBMS_AQADM package

- Buffer overflow in procedure VERIFY_QUEUE_TYPES of DBMS_AQADM_SYS
package

- Buffer overflow in procedure PARALLEL_PUSH_RECOVERY of
DBMS_DEFER_INTERNAL_SYS package

- Buffer overflow in procedure ENABLE_PROPAGATION_TO_DBLINK of
DBMS_DEFER_REPCAT package

- Buffer overflow in procedure DISABLE_RECEIVER_TRACE of
DBMS_INTERNAL_REPCAT package

- Buffer overflow in procedure ENABLE_RECEIVER_TRACE of
DBMS_INTERNAL_REPCAT package

- Buffer overflow in procedure VALIDATE of DBMS_INTERNAL_REPCAT package

- Buffer overflow in procedure DIFFERENCES of DBMS_RECTIFIER_DIFF
package

- Buffer overflow in procedure ADD_COLUMN of DBMS_REPCAT_RQ package

- Buffer overflow in procedure IS_MASTER of DBMS_REPCAT_UTL package

- Buffer overflow in procedure PUSHDEFERREDTXNS of LTUTIL package

- Buffer overflow in public procedure SDO_CODE_SIZE of MD2 package

- Buffer overflow in public procedure VALIDATE_GEOM of MD2 package

- Buffer overflow in public procedure SDO_CODE_SIZE of SDO_ADMIN package

- Buffer overflow in procedure SUBINDEXPOPULATE of DRIDDLR package

Specific details about the reported buffer overflows may be found in the Multiple vulnerabilities in Oracle Database Server advisory from AppSecInc.

These issues are pending further analysis and will be divided into individual BIDs when analysis is completed.

Note that a number of unsupported versions of affected products may also potentially be vulnerable.
** UPDATE 12/23/2004: Next Generation Security Software has published advisories containing technical details for 10 of these vulnerabilities:

- 10g/9i Trigger Abuse (SQL injection to gain database privileges) -- high risk

- 10g Character Conversion Error (bypass database access controls and gain SYS-level privileges) -- high risk

- 10g extproc Buffer Overflow (buffer-overflow vulnerability in loading of libraries) -- high risk

- 10g/9i extproc Directory Traversal (attackers can cause arbitrary libraries to be loaded; compromise of host possible) -- medium risk

- 10g/9i exproc Local Command Execution (users can specify a library to be loaded; arbitrary command execution possible) -- medium risk. Note: Oracle has stated that this is expected behavior. Patch #68 does not include a fix for this issue.

- 10g Clear Text Passwords (sensitive passwords for database user accounts are stored in world-readable files) -- medium risk

- Oracle Application Server ISQL*Plus Remote File Disclosure (remote users can retrieve any file on the filesystem that is readable by the Oracle user. Can be combined with the cleartext password issue described above to compromise the database) -- medium risk

- 10g TNS Listener DOS (malformed packet can cause the TNS listener to fail) -- high risk on systems where availability is critical, otherwise low

- 10g/9i Multiple PL/SQL SQL Injection Vulnerabilities (Multiple vulnerabilities in various PL/SQL procedures can be exploited to gain DBA privileges. Oracle application server exposes these procedures to anonymous attackers without database credentials) -- high risk

- 10g/9i Wrapped Procedure Buffer Overflow Vulnerability (buffer overflow related to handling of encrypted or wrapped PL/SQL procedures. Can allow attacker to run code as the Oracle user) -- high risk

See the references for more details. Symantec is currently analyzing these issues and individual alerts are forthcoming.

Affected Products:

  • Apache Software Foundation Apache 1.3.12
  • Apache Software Foundation Apache 1.3.22
  • HP HP-UX 11.0.0
  • HP HP-UX 11.11.0
  • Oracle Application Server 10g 9.0.4
  • Oracle Application Server 10g 9.0.4 .1
  • Oracle Application Server Web Cache 10g 9.0.4.0
  • Oracle Applications 10.7.0
  • Oracle Applications 11.0.0
  • Oracle Collaboration Suite Release 1 0.0.0
  • Oracle Configurator 11.0.0i
  • Oracle E-Business Suite 10.7.0
  • Oracle E-Business Suite 11.0.0
  • Oracle E-Business Suite 11i 11.1.0
  • Oracle E-Business Suite 11i 11.2.0
  • Oracle E-Business Suite 11i 11.3.0
  • Oracle E-Business Suite 11i 11.4.0
  • Oracle E-Business Suite 11i 11.5.0
  • Oracle E-Business Suite 11i 11.5.1
  • Oracle E-Business Suite 11i 11.5.2
  • Oracle E-Business Suite 11i 11.5.3
  • Oracle E-Business Suite 11i 11.5.4
  • Oracle E-Business Suite 11i 11.5.5
  • Oracle E-Business Suite 11i 11.5.6
  • Oracle E-Business Suite 11i 11.5.7
  • Oracle E-Business Suite 11i 11.5.8
  • Oracle E-Business Suite 11i 11.5.9
  • Oracle E-Business Suite 11i 11.6.0
  • Oracle E-Business Suite 11i 11.7.0
  • Oracle E-Business Suite 11i 11.8.0
  • Oracle Enterprise Manager 9.0.0 i
  • Oracle Enterprise Manager 9.0.1
  • Oracle Enterprise Manager Database Control 10g 10.1.0.0.2
  • Oracle Enterprise Manager Grid Control 10g 10.1.0.0.2
  • Oracle Files 9.0.3.1.0
  • Oracle Files 9.0.3.2.0
  • Oracle Files 9.0.3.3.0
  • Oracle Files 9.0.3.3.6
  • Oracle Label Security 8.1.7
  • Oracle Label Security 9.0.1
  • Oracle Oracle 9i Application Server Release 1 1.0.2 .2
  • Oracle Oracle HTTP Server 8.1.7
  • Oracle Oracle HTTP Server 9.0.1
  • Oracle Oracle HTTP Server 9.2.0 .0
  • Oracle Oracle10g Application Server 10.1.0 .0.2
  • Oracle Oracle10g Application Server 9.0.4.0
  • Oracle Oracle10g Enterprise Edition 10.1.0 .0.2
  • Oracle Oracle10g Enterprise Edition 9.0.4 .0
  • Oracle Oracle10g Personal Edition 10.1.0 .0.2
  • Oracle Oracle10g Personal Edition 9.0.4 .0
  • Oracle Oracle10g Standard Edition 10.1.0 .0.2
  • Oracle Oracle10g Standard Edition 9.0.4 .0
  • Oracle Oracle8 8.0.1
  • Oracle Oracle8 8.0.2
  • Oracle Oracle8 8.0.3
  • Oracle Oracle8 8.0.4
  • Oracle Oracle8 8.0.5
  • Oracle Oracle8 8.0.5.1
  • Oracle Oracle8 8.0.6
  • Oracle Oracle8 8.1.5
  • Oracle Oracle8 8.1.6
  • Oracle Oracle8 8.1.7
  • Oracle Oracle8i Enterprise Edition 8.0.5.0.0
  • Oracle Oracle8i Enterprise Edition 8.0.6.0.0
  • Oracle Oracle8i Enterprise Edition 8.0.6.0.1
  • Oracle Oracle8i Enterprise Edition 8.1.5.0.0
  • Oracle Oracle8i Enterprise Edition 8.1.5.0.2
  • Oracle Oracle8i Enterprise Edition 8.1.5.1.0
  • Oracle Oracle8i Enterprise Edition 8.1.6.0.0
  • Oracle Oracle8i Enterprise Edition 8.1.6.1.0
  • Oracle Oracle8i Enterprise Edition 8.1.7 .0.0
  • Oracle Oracle8i Enterprise Edition 8.1.7.1.0
  • Oracle Oracle8i Enterprise Edition 8.1.7.4
  • Oracle Oracle8i Standard Edition 8.0.6
  • Oracle Oracle8i Standard Edition 8.0.6.3
  • Oracle Oracle8i Standard Edition 8.1.5
  • Oracle Oracle8i Standard Edition 8.1.6
  • Oracle Oracle8i Standard Edition 8.1.7
  • Oracle Oracle8i Standard Edition 8.1.7.0.0
  • Oracle Oracle8i Standard Edition 8.1.7.1
  • Oracle Oracle8i Standard Edition 8.1.7.4
  • Oracle Oracle9i Application Server 0.0.0
  • Oracle Oracle9i Application Server 9.0.2
  • Oracle Oracle9i Application Server 9.0.2 .3
  • Oracle Oracle9i Application Server 9.0.2.0.0
  • Oracle Oracle9i Application Server 9.0.2.0.1
  • Oracle Oracle9i Application Server 9.0.2.1
  • Oracle Oracle9i Application Server 9.0.2.2
  • Oracle Oracle9i Application Server 9.0.3
  • Oracle Oracle9i Application Server 9.0.3 .1
  • Oracle Oracle9i Application Server Portal 9.0.2.3
  • Oracle Oracle9i Application Server Portal 9.0.2.3A
  • Oracle Oracle9i Application Server Portal 9.0.2.3B
  • Oracle Oracle9i Application Server Reports 9.0.2
  • Oracle Oracle9i Application Server Reports 9.0.2 .1
  • Oracle Oracle9i Application Server Web Cache 9.0.2 .2
  • Oracle Oracle9i Application Server Web Cache 9.0.2 .3
  • Oracle Oracle9i Application Server Web Cache 9.0.3.1
  • Oracle Oracle9i Client Edition 9.2.0 .0.1
  • Oracle Oracle9i Client Edition 9.2.0 .0.2
  • Oracle Oracle9i Enterprise Edition 8.1.7
  • Oracle Oracle9i Enterprise Edition 9.0.1
  • Oracle Oracle9i Enterprise Edition 9.0.1.4
  • Oracle Oracle9i Enterprise Edition 9.0.1.5
  • Oracle Oracle9i Enterprise Edition 9.2.0 .0.3
  • Oracle Oracle9i Enterprise Edition 9.2.0 .0.5
  • Oracle Oracle9i Enterprise Edition 9.2.0.0
  • Oracle Oracle9i Enterprise Edition 9.2.0.0.1
  • Oracle Oracle9i Enterprise Edition 9.2.0.0.2
  • Oracle Oracle9i Enterprise Edition 9.2.0.0.4
  • Oracle Oracle9i Lite 5.0.0.0.0.0
  • Oracle Oracle9i Lite 5.0.0.1.0.0
  • Oracle Oracle9i Lite 5.0.0.2.0.0
  • Oracle Oracle9i Lite 5.0.0.2.9.0
  • Oracle Oracle9i Personal Edition 8.1.7
  • Oracle Oracle9i Personal Edition 9.0.1
  • Oracle Oracle9i Personal Edition 9.0.1.4
  • Oracle Oracle9i Personal Edition 9.0.1.5
  • Oracle Oracle9i Personal Edition 9.2.0
  • Oracle Oracle9i Personal Edition 9.2.0 .0.3
  • Oracle Oracle9i Personal Edition 9.2.0 .0.5
  • Oracle Oracle9i Personal Edition 9.2.0.0.1
  • Oracle Oracle9i Personal Edition 9.2.0.0.2
  • Oracle Oracle9i Personal Edition 9.2.0.0.4
  • Oracle Oracle9i Standard Edition 8.1.7
  • Oracle Oracle9i Standard Edition 9.0.0
  • Oracle Oracle9i Standard Edition 9.0.1
  • Oracle Oracle9i Standard Edition 9.0.1.2
  • Oracle Oracle9i Standard Edition 9.0.1.3
  • Oracle Oracle9i Standard Edition 9.0.1.4
  • Oracle Oracle9i Standard Edition 9.0.1.5
  • Oracle Oracle9i Standard Edition 9.0.2
  • Oracle Oracle9i Standard Edition 9.2.0
  • Oracle Oracle9i Standard Edition 9.2.0 .0.3
  • Oracle Oracle9i Standard Edition 9.2.0 .0.5
  • Oracle Oracle9i Standard Edition 9.2.0 .3
  • Oracle Oracle9i Standard Edition 9.2.0.0.1
  • Oracle Oracle9i Standard Edition 9.2.0.0.2
  • Oracle Oracle9i Standard Edition 9.2.0.0.4
  • Oracle iStore 11i 11i.IBE.O
  • Oracle listener 8.0.6
  • Oracle listener 8.1.6
  • RedHat Linux 6.1.0 i386
  • RedHat Linux 6.2.0 i386
  • Sun Solaris 7.0
  • Sun Solaris 8
  • Sun SunMC 3.5 update 1
  • Sun SunMC 3.5.0 update 1a

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.