Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Oracle Database Bugs Let Remote Users Access and Modify Data and Cause Denial of Service Conditions
|
|
SecurityTracker Alert ID: 1021050
|
|
SecurityTracker URL: http://securitytracker.com/id?1021050
|
|
CVE Reference: CVE-2008-2624
, CVE-2008-2625
, CVE-2008-3976
, CVE-2008-3980
, CVE-2008-3982
, CVE-2008-3983
, CVE-2008-3984
, CVE-2008-3989
, CVE-2008-3990
, CVE-2008-3991
, CVE-2008-3994
, CVE-2008-3995
, CVE-2008-4005
(Links to External Site)
|
Date: Oct 14 2008
|
Impact: Denial of service via network, Disclosure of user information, Modification of user information, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Oracle Security Advisory
|
Version(s): 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.6; and prior versions
|
Description: Several vulnerabilities were reported in Oracle Database. A remote user can access and modify data on the target system. A remote authenticated user can cause denial of service conditions.
A remote user can exploit an unspecified vulnerability to affect the confidentiality and integrity of data on the target system.
A
remote authenticated user can exploit unspecified vulnerabilities to affect the confidentiality and integrity of data on the target
system.
A remote authenticated user can affect the availability of the target system.
No details were provided.
The following
versions are affected:
- Oracle Database 11g, version 11.1.0.6
- Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3,
10.2.0.4
- Oracle Database 10g, version 10.1.0.5
- Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
The Change Data
Capture [CVE-2008-3995, CVE-2008-3996], Core RDBMS [CVE-2008-2625], Oracle Application Express [CVE-2008-4005], Oracle Data Mining
[CVE-2008-3989, CVE-2008-3992], Oracle OLAP [CVE-2008-2624, CVE-2008-3990, CVE-2008-3991], Oracle Spatial [CVE-2008-3976], Upgrade
[CVE-2008-3980], and Workspace Manager [CVE-2008-3982, CVE-2008-3983, CVE-2008-3984, CVE-2008-3994] components are affected.
The
following researchers reported these and other Oracle vulnerabilities:
Esteban Martinez Fayo of Application Security, Inc.; Pete
Finnigan; Tony Fogarty of DNV; guyp of Sentrigo; Jack Kanter of Integrigy; Joxean Koret; Alexander Kornbrust of Red Database Security;
Slavik Markovich of Sentrigo; Amichai Shulman of Imperva, Inc.; and Chris Valasek of IBM Corp.
|
Impact: A remote user can access and modify data on the target system.
A remote authenticated user can cause denial of service conditions.
|
Solution: The vendor has issued a fix, described in their October 2008 Critical Patch Update advisory.
The Oracle advisory is available at:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html
|
Vendor URL: www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html (Links to External Site)
|
Cause: Not specified
|
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 14 Oct 2008 07:56:38 -0400
Subject: Oracle Database
|
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html
|
|
Go to the Top of This SecurityTracker Archive Page
|
