• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Oracle Database Multiple Unspecified Vulnerabilities

Severity: CRITICAL

Description:

It is reported that Oracle Database 10g and Oracle9i Database Server products contain multiple unspecified vulnerabilities.

The reported vulnerabilities include SQL injection vulnerabilities and a buffer overflow issue.

It is reported that the issues include a single buffer overflow vulnerability and multiple PL/SQL injection issues. Reports indicate that the PL/SQL injection issues may be exploited by unprivileged users to gain DBA privileges. It is conjectured that the buffer overflow vulnerability may be exploited to execute arbitrary attacker-supplied code in the context of the affected database service.

NGSSoftware has stated that further details will be released on 18th of April 2005 regarding the issues that are described in this BID. At this point, the BID will be updated to contain any additional detail. Please see the referenced message for more information.

Affected Products:

• Oracle Oracle10g Application Server 10.1.0 .0.2
• Oracle Oracle10g Application Server 9.0.4 .0
• Oracle Oracle10g Enterprise Edition 10.1.0 .0.2
• Oracle Oracle10g Enterprise Edition 9.0.4 .0
• Oracle Oracle10g Personal Edition 10.1.0 .0.2
• Oracle Oracle10g Personal Edition 9.0.4 .0
• Oracle Oracle10g Standard Edition 10.1.0 .0.2
• Oracle Oracle10g Standard Edition 9.0.4 .0
• Oracle Oracle9i Application Server
• Oracle Oracle9i Application Server 1.0.2
• Oracle Oracle9i Application Server 1.0.2 .1s
• Oracle Oracle9i Application Server 1.0.2 .2
• Oracle Oracle9i Application Server 1.0.2 .2.2
• Oracle Oracle9i Application Server 9.0.2
• Oracle Oracle9i Application Server 9.0.2 .0.0
• Oracle Oracle9i Application Server 9.0.2 .0.1
• Oracle Oracle9i Application Server 9.0.2 .1
• Oracle Oracle9i Application Server 9.0.2 .2
• Oracle Oracle9i Application Server 9.0.2 .3
• Oracle Oracle9i Application Server 9.0.3
• Oracle Oracle9i Application Server 9.0.3 .1
• Oracle Oracle9i Client Edition 9.2.0 .0.1
• Oracle Oracle9i Client Edition 9.2.0 .0.2
• Oracle Oracle9i Developer Edition 9.0.4
• Oracle Oracle9i Enterprise Edition 8.1.7
• Oracle Oracle9i Enterprise Edition 9.0.0 .2.4
• Oracle Oracle9i Enterprise Edition 9.0.1
• Oracle Oracle9i Enterprise Edition 9.0.1 .4
• Oracle Oracle9i Enterprise Edition 9.0.1 .5
• Oracle Oracle9i Enterprise Edition 9.2.0 .0
• Oracle Oracle9i Enterprise Edition 9.2.0 .0.1
• Oracle Oracle9i Enterprise Edition 9.2.0 .0.3
• Oracle Oracle9i Enterprise Edition 9.2.0 .0.5
• Oracle Oracle9i Enterprise Edition 9.2.0.2
• Oracle Oracle9i Lite 5.0.0 .0.0.0
• Oracle Oracle9i Lite 5.0.0 .1.0.0
• Oracle Oracle9i Lite 5.0.0 .2.0.0
• Oracle Oracle9i Lite 5.0.0 .2.9.0
• Oracle Oracle9i Personal Edition 8.1.7
• Oracle Oracle9i Personal Edition 9.0.0 .2.4
• Oracle Oracle9i Personal Edition 9.0.1
• Oracle Oracle9i Personal Edition 9.0.1 .4
• Oracle Oracle9i Personal Edition 9.0.1 .5
• Oracle Oracle9i Personal Edition 9.2.0
• Oracle Oracle9i Personal Edition 9.2.0 .0.1
• Oracle Oracle9i Personal Edition 9.2.0 .0.2
• Oracle Oracle9i Personal Edition 9.2.0 .0.3
• Oracle Oracle9i Personal Edition 9.2.0 .0.5
• Oracle Oracle9i Standard Edition 8.1.7
• Oracle Oracle9i Standard Edition 9.0.0
• Oracle Oracle9i Standard Edition 9.0.0 .2.4
• Oracle Oracle9i Standard Edition 9.0.1
• Oracle Oracle9i Standard Edition 9.0.1 .2
• Oracle Oracle9i Standard Edition 9.0.1 .3
• Oracle Oracle9i Standard Edition 9.0.1 .4
• Oracle Oracle9i Standard Edition 9.0.1 .5
• Oracle Oracle9i Standard Edition 9.0.2
• Oracle Oracle9i Standard Edition 9.2.0
• Oracle Oracle9i Standard Edition 9.2.0 .0.1
• Oracle Oracle9i Standard Edition 9.2.0 .0.2
• Oracle Oracle9i Standard Edition 9.2.0 .0.3
• Oracle Oracle9i Standard Edition 9.2.0 .0.5
• Oracle Oracle9i Standard Edition 9.2.0 .3

References:

• Oracle: Critical Patch Update - January 2005
• Oracle: Oracle Homepage
• Oracle: Oracle Support Metalink
• Oracle: Oracle Support Page

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.