SecurityTracker.com

Category:  Application (Database)  >  Oracle Database
Vendors:  Oracle
Oracle Database and Application Server Have Multiple Unspecified Vulnerabilities With Unspecified Impact
SecurityTracker Alert ID:  1015074
SecurityTracker URL:  http://securitytracker.com/id?1015074
CVE Reference:  GENERIC-MAP-NOMATCH
Updated:  Oct 24 2005
Original Entry Date:  Oct 18 2005
Impact:  Not specified
Fix Available:  Yes
Vendor Confirmed:  Yes
Advisory:  Oracle Security Advisory
Version(s): 8, 8i, 9i, 10g
Description:  Numerous vulnerabilities were reported in Oracle Database. The impact was not specified by the vendor.

Oracle released their Critical Patch Update for October 2005, addressing numerous vulnerabilities in Oracle Database and Oracle Application Server product versions.

The most severe of the vulnerabilities are described by the vendor as having a "Wide" impact on the confidentiality, availability, and integrity of the system.

The following product versions are affected:

* Oracle Database Server 10g Release 1, versions 10.1.0.3, 10.1.0.4
* Oracle9i Database Server Release 2, versions 9.2.0.5, 9.2.0.6, 9.2.0.7
* Oracle8i Database Server Release 3, version 8.1.7.4
* Oracle Enterprise Manager 10g Grid Control, versions 10.1.0.3, 10.1.0.4
* Oracle Application Server 10g Release 2, versions 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2
* Oracle Application Server 10g Release 1 (9.0.4), versions 9.0.4.1, 9.0.4.2
* Oracle Collaboration Suite 10g Release 1, version 10.1.1
* Oracle9i Collaboration Suite Release 2, version 9.0.4.2
* Oracle E-Business Suite Release 11i, versions 11.5.1 through 11.5.10 and 11.5.10 CU2
* Oracle E-Business Suite Release 11.0
* Oracle Clinical, versions 4.5.0 and 4.5.1
* PeopleSoft Enterprise Tools, versions 8.1 through 8.46.03
* PeopleSoft CRM, versions 8.81 through 8.9
* JD Edwards EnterpriseOne, OneWorld XE, versions 8.95_B1, 8.94_Q1, SP23_K1
* Oracle Database Server 10g Release 1, version 10.1.0.4.2
* Oracle Developer Suite, versions 9.0.2.1, 9.0.4.1, 9.0.4.2, 10.1.2.0
* Oracle Enterprise Manager Application Server Control, versions 9.0.4.1, 9.0.4.2
* Oracle Enterprise Manager 10g Database Control, versions 10.1.0.3, 10.1.0.4
* Oracle Workflow, versions 11.5.1 through 11.5.9.5
* Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5, 9.0.1.5 FIPS
* Oracle8 Database Server Release 8.0.6, version 8.0.6.3
* Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1
* Oracle9i Application Server Release 1, version 1.0.2.2

Oracle has provided no specifics regarding the nature of these vulnerabilities.

Oracle credits the following individuals and organizations with reporting these vulnerabilities:

Brian Carr; Sacha Faust of S.P.I. Dynamics, Inc.; Esteban Martinez Fayo of Application Security, Inc.; Alexander Kornbrust of Red Database Security; Steven Kost of Integrigy Corporation; David Litchfield of NGSS Limited; noderat ratty, Keigo Yamazaki of Little eArth Corporation Co., Ltd.

Impact:  The vendor did not specify the impact other than to say that the bugs have a "wide" risk impact on security.
Solution:  The vendor has issued a fix, described in their October 2005 Critical Patch Update advisory at:

http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html

HP has indicated that users of Oracle for OpenView (OfO) should apply the Oracle fix:

http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01235

Vendor URL:  www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
Cause:  Not specified
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 24 2005 (HP Issues Advisory for Oracle for OpenView) Oracle Database and Application Server Have Multiple Unspecified Vulnerabilities With Unspecified Impact
HP has issued an advisory for Oracle for OpenView users indicating that the Oracle October 2005 critical patch should be applied to Oracle for OpenView.



 Source Message Contents

Date:  Tue, 18 Oct 2005 17:57:12 -0400
Subject:  Oracle database patch update, October 2005

 
 
http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
 



Copyright 2005, SecurityGlobal.net LLC