J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1545
    posted: 11/19/09
  • NSM Daily Update #1545
    posted: 11/19/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1545
    posted: 11/19/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/19/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/19/09

Title: Oracle Database Multiple Vulnerabilities

Severity: CRITICAL

Description:

Oracle Database 10g, Oracle9i Database Server, Oracle8i Database Server, Oracle8 Database, Oracle Collaboration Suite, Oracle Application Server, and Oracle E-Business Suite are reported prone to multiple vulnerabilities.

Oracle has released a Critical Patch Update to address these issues in various supported applications. The following specific issues were identified:

- A networking component of Oracle8 Database is affected by a vulnerability. This issue requires SQL(Oracle Net) access and Database (create database link) authorization for exploitation. A successful attack can compromise all security properties of a vulnerable server.

- The LOB Access component of Oracle8i Database Server is reported prone to an information disclosure vulnerability. This issue requires SQL(Oracle Net) access and Database (read on database directory object) authorization for exploitation. A successful attack can compromise the confidentiality of a vulnerable server.

- The Spatial component of Oracle8i Database Server is reported prone to a vulnerability. This issue requires SQL(Oracle Net) access and Database (execute on mdsys.md2) authorization for exploitation. A successful attack can compromise all security properties of a vulnerable server.

- The UTL_FILE component of Oracle9i Database Server Release 2 is reported prone to a vulnerability. This issue requires SQL(Oracle Net) access and Database (read on database directory object) authorization for exploitation. A successful attack can compromise the integrity of a vulnerable server. It is reported that Directory objects in Oracle contain the location of a specific operating system directory. Database packages and functions may access DIRECTORY objects in various ways to use this location to carry out various attacks.

- A Diagnostic component of Oracle8i Database Server is reported prone to a vulnerability. This issue requires SQL(Oracle Net) access and Database authorization for exploitation. A successful attack can compromise all security properties of a vulnerable server.

- The XDB component of Oracle Database 10g and Oracle9i Database Server Release 2 is reported prone to multiple vulnerabilities. These issues require SQL(Oracle Net) access and Database (execute on xdb.dbms_xdb) and/or Database (execute on xdb.dbms_xdbz0) authorization for exploitation. A successful attack can compromise the confidentiality and integrity security properties of a vulnerable server.

- The Dataguard component of Oracle Database 10g is reported prone to a vulnerability. This issue requires SQL(Oracle Net) access and Database (execute on exfsys.dbms_expfil) authorization for exploitation. A successful attack can compromise the confidentiality and integrity security properties of a vulnerable server.

- The Log Miner component of Oracle9i Database Server Release 2 is reported prone to a vulnerability. This issue requires SQL(Oracle Net) access and Database (execute on dbms_logmnr) authorization for exploitation. A successful attack can compromise the confidentiality and integrity security properties of a vulnerable server.

- The OLAP component of Oracle9i Database Server Release 2 is reported prone to a vulnerability. This issue requires SQL(Oracle Net) access and Database (execute on olapsys) authorization for exploitation. A successful attack can compromise the confidentiality and integrity security properties of a vulnerable server.

- The Data Mining component of Oracle Database 10g is reported prone to a vulnerability. This issue requires SQL(Oracle Net) access and Database (execute on dmsys.dmp_sys) authorization for exploitation. A successful attack can compromise the confidentiality and integrity security properties of a vulnerable server.

- The Advanced Queuing component of Oracle Database 10g is reported prone to a vulnerability. This issue requires SQL(Oracle Net) access and Database (execute on dbms_transform_eximp) authorization for exploitation. A successful attack can compromise the confidentiality and integrity security properties of a vulnerable server.

- The Change Data Capture component of Oracle Database 10g is reported prone to multiple vulnerabilities. These issues require SQL(Oracle Net) access and Database (execute on dbms_cdc_dputil) and/or Database (execute on dbms_cdc_impdp) authorization for exploitation. A successful attack can compromise the confidentiality and integrity security properties of a vulnerable server.

- The Database Core component of Oracle Database 10g is reported prone to a vulnerability. This issue requires SQL(Oracle Net) access and Database authorization for exploitation. A successful attack can compromise the confidentiality and integrity security properties of a vulnerable server.

- The OHS component of Oracle Database 10g is reported prone to a vulnerability. This issue requires Network (HTTP) access and Database (execute on owa_opt_lock) authorization for exploitation. A successful attack can compromise the confidentiality and integrity security properties of a vulnerable server.

- The Report Server component of Oracle Application Server is reported prone to a vulnerability. This issue requires Network (HTTP) access and no authorization for exploitation. A successful attack can compromise the confidentiality and integrity security properties of a vulnerable server. Reportedly, this issue allows an attacker to disclose the database password used by the Report Server. An administration command can disclose the contents of the CGIcmd.dat file containing the password.

- The Forms component of Oracle Application Server is reported prone to a vulnerability. This issue requires Network (TCP) access and no authorization for exploitation. A successful attack can compromise the availability of a vulnerable server resulting in a denial of service condition.

- The mod_plsql component of Oracle Application Server is reported prone to a vulnerability. This issue requires Network (HTTP) access and Database (execute on owa_opt_lock) authorization for exploitation. A successful attack can compromise the confidentiality and integrity security properties of a vulnerable server.

- The Calendar component of Oracle Collaboration Suite is reported prone to a vulnerability. This issue requires image viewing access and no authorization for exploitation. A successful attack can compromise all security properties of a vulnerable server.

- The Oracle E-Business Suite is reported prone to multiple vulnerabilities. One of the issues requires Network (HTTP) access and valid session authorization for exploitation. The other issue requires Network (HTTP) access and does not require authorization. A successful attack can compromise the confidentiality and integrity security properties of a vulnerable server. It is reported that these issues may allow for SQL injection attacks.

The Oracle advisory only addresses those products that are supported. It is likely that earlier versions of the releases may also be affected. This Critical Patch Update also includes Oracle Security Alert #68 fixes that are specified in BID 10871 (Oracle Multiple Unspecified Vulnerabilities), BID 11120 (Oracle Database 9i SQL Command Buffer Overflow Vulnerability), BID 11099 (Oracle Database Server ctxsys.driload Access Validation Vulnerability), BID 11100 (Oracle Database Server dbms_system.ksdwrt Remote Buffer Overflow Vulnerability), and BID 11091 (Oracle 10g Database DBMS_SCHEDULER Remote Command Execution Vulnerability). It is possible that other BIDs such as BID 12296 (Oracle Database Multiple Unspecified Vulnerabilities) are related to these vulnerabilities as well.

This BID will be divided and updated into separate BIDs when more information is available.

Affected Products:

  • Oracle Applications 11.0.0
  • Oracle Applications 11i 11.5.0
  • Oracle Collaboration Suite Release 2 9.0.4 .2
  • Oracle E-Business Suite 11.0.0
  • Oracle E-Business Suite 11i 11.5.0
  • Oracle Oracle10g Application Server 10.1.0 .0.2
  • Oracle Oracle10g Application Server 10.1.0 .0.3
  • Oracle Oracle10g Application Server 10.1.0 .0.3.1
  • Oracle Oracle10g Application Server 10.1.2
  • Oracle Oracle10g Application Server 9.0.4 .0
  • Oracle Oracle10g Application Server 9.0.4 .1
  • Oracle Oracle10g Enterprise Edition 10.1.0 .0.2
  • Oracle Oracle10g Enterprise Edition 10.1.0 .0.3
  • Oracle Oracle10g Personal Edition 10.1.0 .0.2
  • Oracle Oracle10g Personal Edition 10.1.0 .0.3
  • Oracle Oracle10g Standard Edition 10.1.0 .0.2
  • Oracle Oracle10g Standard Edition 10.1.0 .0.3
  • Oracle Oracle8 8.0.6
  • Oracle Oracle8 8.0.6 .3
  • Oracle Oracle8i Enterprise Edition 8.1.7 .4
  • Oracle Oracle8i Standard Edition 8.1.7 .4
  • Oracle Oracle9i Application Server 1.0.2 .2
  • Oracle Oracle9i Application Server 9.0.2 .3
  • Oracle Oracle9i Application Server 9.0.3 .1
  • Oracle Oracle9i Enterprise Edition 9.0.0 .2.4
  • Oracle Oracle9i Enterprise Edition 9.0.1 .4
  • Oracle Oracle9i Enterprise Edition 9.0.1 .5
  • Oracle Oracle9i Enterprise Edition 9.0.4
  • Oracle Oracle9i Enterprise Edition 9.2.0 .0.5
  • Oracle Oracle9i Enterprise Edition 9.2.0 .6
  • Oracle Oracle9i Personal Edition 9.0.0 .2.4
  • Oracle Oracle9i Personal Edition 9.0.1 .4
  • Oracle Oracle9i Personal Edition 9.0.1 .5
  • Oracle Oracle9i Personal Edition 9.0.4
  • Oracle Oracle9i Personal Edition 9.2.0 .0.5
  • Oracle Oracle9i Personal Edition 9.2.0 .6
  • Oracle Oracle9i Standard Edition 9.0.0 .2.4
  • Oracle Oracle9i Standard Edition 9.0.1 .4
  • Oracle Oracle9i Standard Edition 9.0.1 .5
  • Oracle Oracle9i Standard Edition 9.0.4
  • Oracle Oracle9i Standard Edition 9.2.0 .0.5
  • Oracle Oracle9i Standard Edition 9.2.0 .6

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.