SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Database)  >   Oracle Database Vendors:   Oracle
Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact
SecurityTracker Alert ID:  1016529
SecurityTracker URL:  http://securitytracker.com/id/1016529
CVE Reference:   CVE-2006-3698, CVE-2006-3699, CVE-2006-3700, CVE-2006-3701, CVE-2006-3702, CVE-2006-3703, CVE-2006-3704, CVE-2006-3705, CVE-2006-3706, CVE-2006-3707, CVE-2006-3708, CVE-2006-3709   (Links to External Site)
Updated:  Sep 2 2010
Original Entry Date:  Jul 18 2006
Impact:   Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.2.0.2 and prior versions
Description:   Numerous vulnerabilities were reported in Oracle Database and other Oracle products. The impact was not specified by the vendor.

Oracle released their Critical Patch Update for July 2006, addressing numerous vulnerabilities in Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle Enterprise Manager, Oracle Workflow, Oracle Pharmaceutical Applications, JD Edwards EnterpriseOne Tools, OneWorld Tools, and PeopleSoft Enterprise Portal product versions.

The most severe of the vulnerabilities are described by the vendor has having a "Wide" impact on the confidentiality, availability, and integrity of the system.

The following product versions are affected:

* Oracle Database 10g Release 2, version 10.2.0.1, 10.2.0.2
* Oracle Database 10g Release 1, versions 10.1.0.3, 10.1.0.4, 10.1.0.5
* Oracle9i Database Release 2, versions 9.2.0.5, 9.2.0.6, 9.2.0.7
* Oracle8i Database Release 3, version 8.1.7.4
* Oracle Enterprise Manager 10g Grid Control, version 10.2.0.1
* Oracle Application Server 10g Release 3, versions 10.1.3.0.0
* Oracle Application Server 10g Release 2, versions 10.1.2.0.0 - 10.1.2.0.2, 10.1.2.1.0
* Oracle Application Server 10g Release 1 (9.0.4), versions 9.0.4.1, 9.0.4.2, 9.0.4.3
* Oracle Collaboration Suite 10g Release 1, versions 10.1.2.0
* Oracle9i Collaboration Suite Release 2, version 9.0.4.2
* Oracle E-Business Suite Release 11i, versions 11.5.7 - 11.5.10 CU2
* Oracle E-Business Suite Release 11.0
* Oracle Pharmaceutical Applications versions 4.5.0 - 4.5.2
* PeopleSoft Enterprise Portal, versions 8.4, 8.8, 8.9
* Oracle PeopleSoft Enterprise Portal Solutions, Enterprise Portal with Enforcer Portal Pack, version 8.8
* JD Edwards EnterpriseOne Tools, OneWorld Tools, versions 8.95, 8.96
* Oracle Database 10g Release 1, version 10.1.0.4.2
* Oracle Application Server Portal, versions 10.1.4.0.0
* Oracle Developer Suite, versions 6i, 9.0.4.2
* Oracle Workflow, versions 11.5.1 through 11.5.9.5
* Oracle9i Database Release 1, versions 9.0.1.4
* Oracle9i Database Release 1, versions 9.0.1.5, 9.0.1.5 FIPS
* Oracle8 Database Release 8.0.6, version 8.0.6.3
* Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1
* Oracle9i Application Server Release 1, version 1.0.2.2

Oracle has provided no specifics regarding the nature of these vulnerabilities.

Oracle credits the following individuals and organizations with reporting these vulnerabilities:

Esteban Martinez Fayo of Application Security, Inc.; Dr. Christian Kleinewaechter and Swen Thuemmler of infinity3 GmbH; Alexander Kornbrust of Red Database Security GmbH; David Litchfield of Next Generation Security Software Ltd.

Impact:   The vendor did not specify the impact other than to say that the bugs have a "wide" risk impact on security.
Solution:   The vendor has issued a fix, described in their July 2006 Critical Patch Update advisory at:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html

Vendor URL:  www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 21 2006 (HP Issues Advisory for Oracle for OpenView) Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact
HP has issued an advisory for HP Oracle for OpenView.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC