J-Security Center

Title: Oracle April 2007 Security Update Multiple Vulnerabilities

Severity: CRITICAL

Description:

Multiple vulnerabilities affect various Oracle applications.

Oracle has released a Critical Patch Update advisory for April 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.

Oracle Application Server is vulnerable to the following five issues:

AS01 - This issue affects the Oracle Discoverer component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality, integrity, and availability of the server. An attacker can exploit this issue by sending 'TNS STOP' commands to shut down an unprotected Oracle TNS Listener.

AS02 - This issue affects the Oracle COREid Access component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality and availability of the server.

AS03 - This issue affects the Oracle Wireless component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality, integrity, and availability of the server.

AS04 - This issue affects the Oracle Portal component and requires HTTP access. No authentication is required to exploit this issue. Successful attacks may compromise the integrity of the server.

AS05 - This issue affects the Oracle Portal component and requires HTTP access. No authentication is required to exploit this issue. Successful attacks may compromise the confidentiality of the server.


Oracle Database Server is vulnerable to the following 15 issues:

DB01 - This issue affects the Core RDBMS component and requires network access. No authentication is required to exploit this issue. Successful attacks may compromise the confidentiality, integrity, and availability of the server. This issue is an authentication-bypass vulnerability on Oracle running on Microsoft Windows XP due to an interaction between Simple File Sharing and Oracle. This issue allows attackers to gain DBA access on vulnerable servers.

DB02 - This issue affects the Rules Manager, Expression Filter component and requires Oracle Net access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality, integrity, and availability of the server. This issue stems from a race condition in the RLMGR_TRUNCATE_MAINT trigger. Successfully exploiting this issue gives the attacker EXFSYS privileges.

DB03 - This issue affects the Core RDBMS component and requires local access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality, integrity, and availability of the server. This issue stems from inappropriate access controls (DACLs) on the Oracle process running on Microsoft Windows platforms. This allows local attackers to execute arbitrary code in the context of the database process and to gain SYSTEM-level privileges.

DB04 - This issue affects the Advanced Queuing component and requires Oracle Net access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality and integrity of the server. This is a PL/SQL injection vulnerability in the DBMS_AQADM_SYS component.

DB05 - This issue affects the Authentication component and requires Oracle Net access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality and integrity of the server. This issue is a logon-trigger-bypass vulnerability in AUTH_ALTER_SESSION: an attacker can exploit it to bypass the Oracle database logon trigger, which may in turn allow attackers to bypass security policies.

DB06 - This issue affects the Oracle Streams component and requires Oracle Net access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality and integrity of the server. This issue is an SQL-injection vulnerability in DBMS_APPLY_USER_AGENT.

DB07 - This issue affects the Upgrade/Downgrade component and requires Oracle Net access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality and integrity of the server. This is an SQL-injection issue affecting the DBMS_UPGRADE_INTERNAL component.

DB08 - This issue affects the Change Data Capture (CDC) component and requires Oracle Net access. Successful authentication is required to exploit this issue. Successful attacks may compromise the availability of the server. This is a buffer-overflow vulnerability in the CHGTAB_CACHE procedure of the DBMS_CDC_IPUBLISH package. Attackers can trigger this issue by passing an overly long CHANGE_TABLE_NAME parameter to the affected procedure.

DB09 - This issue affects the Change Data Capture (CDC) component and requires Oracle Net access. Successful authentication is required to exploit this issue. Successful attacks may compromise the availability of the server. This issue is an SQL-injection vulnerability in the DBMS_CDC_PUBLISH package.

DB10 - This issue affects the Advanced Replication component and requires Oracle Net access. Successful authentication is required to exploit this issue. This issue will result in an unknown compromise of security properties.

DB11 - This issue affects the Oracle Instant Client component and requires local access. Successful authentication is required to exploit this issue. This issue will result in an unknown compromise of security properties.

DB12 - This issue affects the Oracle Text component and requires local access. Successful authentication is required to exploit this issue. This issue will result in an unknown compromise of security properties.

DB13 - This issue affects the Upgrade/Downgrade component and requires local access. Successful authentication is required to exploit this issue. This issue will result in an unknown compromise of security properties.

EM01 - This issue affects the Oracle Agent component and requires network access. No authentication is required to exploit this issue. Successful attacks may compromise the availability of the server. This issue is an authentication-bypass vulnerability that allows anonymous attackers to shut down the affected service.

OWF01 - This issue affects the Oracle Workflow Cartridge component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the integrity of the server.


Oracle E-Business Suite and Applications are vulnerable to the following 10 issues:

APPS01 - This is an SQL-injection vulnerability in a Self-Service Web Application database package accessible through 'mod_plsql'. Specifically, this affects the 'APPS.ICXSUPWF.DISPLAYCONTACT' schema of the Oracle Common Applications component. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality, integrity, and availability of the server.

APPS02 - This issue affects the Oracle iProcurement component and requires HTTP access. No authentication is required to exploit this issue. Successful attacks may compromise the confidentiality of the server.

APPS03 - This issue affects the Oracle Report Manager component and requires HTTP access. No authentication is required to exploit this issue. Successful attacks may compromise the confidentiality of the server.

APPS04 - This issue affects the Oracle Application Object Library component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality of the server.

APPS05 - This issue affects the Oracle iStore component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality of the server.

APPS06 - This issue affects the Oracle iStore component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality of the server.

APPS07 - This issue affects the Oracle iSupport component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality of the server.

APPS08 - This issue affects the Oracle Sales Online component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality of the server.

APPS09 - This issue affects the Oracle Trade Management component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality of the server.

APPS10 - This issue affects the Oracle Applications Manager component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality of the server.


Oracle Collaboration Suite is vulnerable to the following issue:

OCS01 - This issue affects the Oracle Collaborative Workspace component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the integrity of the server.


Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne are vulnerable to the following four issues:

JDE01 - This issue affects the JD Edwards HTML Server component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality of the server.

PSE01 - This issue affects the PeopleTools component and requires FTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality, integrity, and availability of the server.

PSE02 - This issue affects the PeopleTools component and requires HTTP access. Successful authentication is required to exploit this issue. Successful attacks may compromise the integrity of the server.

PSEHCM01 - This issue affects the PeopleSoft Enterprise Human Capital Management component and requires network access. Successful authentication is required to exploit this issue. Successful attacks may compromise the confidentiality of the server.


Oracle Secure Enterprise Search is vulnerable to the following issue:

SES01 - This issue affects the Administration Front End component and requires access to the Administration Web Interface. Successful authentication is required to exploit this issue. Successful attacks may compromise the integrity of the server. This is a cross-site scripting issue affecting the 'EXPTYPE' parameter of 'bounday_rules.jsp'.

This BID describes 36 vulnerabilities in total.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.

Affected Products:

  • HP Oracle for OpenView 8.1.7
  • HP Oracle for OpenView 9.1.01
  • HP Oracle for OpenView 9.2
  • HP Oracle for OpenView for Linux LTU
  • IBM Tivoli Compliance Insight Manager 6.0
  • IBM Tivoli Compliance Insight Manager 7.0
  • IBM Tivoli Compliance Insight Manager 8.0
  • Oracle Collaboration Suite Release 1 10.1.2
  • Oracle E-Business Suite 11i 11.5.10
  • Oracle E-Business Suite 11i 11.5.10 CU2
  • Oracle E-Business Suite 11i 11.5.7
  • Oracle E-Business Suite 11i 11.5.8
  • Oracle E-Business Suite 11i 11.5.9
  • Oracle E-Business Suite 12 12.0.0
  • Oracle Enterprise Manager 9i 9.0.1 5
  • Oracle Enterprise Manager 9i Release 2 9.2.0 7
  • Oracle Enterprise Manager 9i Release 2 9.2.0 8
  • Oracle JD Edwards EnterpriseOne 8.96
  • Oracle JD Edwards OneWorld Tools SP23
  • Oracle Oracle10g Application Server 10.1.0.0.4
  • Oracle Oracle10g Application Server 10.1.0.5
  • Oracle Oracle10g Application Server 10.1.2.0.1
  • Oracle Oracle10g Application Server 10.1.2.0.2
  • Oracle Oracle10g Application Server 10.1.2.1.0
  • Oracle Oracle10g Application Server 10.1.2.2.0
  • Oracle Oracle10g Application Server 10.1.3.0.0
  • Oracle Oracle10g Application Server 10.1.3.1.0
  • Oracle Oracle10g Application Server 10.1.3.2.0
  • Oracle Oracle10g Application Server 9.0.4 3
  • Oracle Oracle10g Enterprise Edition 10.1.0.0.4
  • Oracle Oracle10g Enterprise Edition 10.1.0.5
  • Oracle Oracle10g Enterprise Edition 10.2.0.1
  • Oracle Oracle10g Enterprise Edition 10.2.0.2
  • Oracle Oracle10g Enterprise Edition 10.2.0.3
  • Oracle Oracle10g Personal Edition 10.1.0.0.4
  • Oracle Oracle10g Personal Edition 10.2.0.1
  • Oracle Oracle10g Personal Edition 10.2.0.2
  • Oracle Oracle10g Personal Edition 10.2.0.3
  • Oracle Oracle10g Standard Edition 10.1.0.0.4
  • Oracle Oracle10g Standard Edition 10.1.0.0.5
  • Oracle Oracle10g Standard Edition 10.2.0.2
  • Oracle Oracle10g Standard Edition 10.2.0.3
  • Oracle Oracle10g Standard Edition 10.2.0.1
  • Oracle Oracle9i Application Server 9.2.0.0.7
  • Oracle Oracle9i Application Server 9.2.0.8
  • Oracle Oracle9i Enterprise Edition 9.2.0.7
  • Oracle Oracle9i Enterprise Edition 9.2.0.8
  • Oracle Oracle9i Personal Edition 9.2.0.7
  • Oracle Oracle9i Personal Edition 9.2.0.8
  • Oracle PeopleSoft Enterprise Human Capital Management 8.9
  • Oracle PeopleSoft Enterprise PeopleTools 8.22
  • Oracle PeopleSoft Enterprise PeopleTools 8.47
  • Oracle PeopleSoft Enterprise PeopleTools 8.48
  • Oracle Secure Enterprise Search 10g Release 1 10.1.6
