SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Database)  >   Oracle Database Vendors:   Oracle
Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact
SecurityTracker Alert ID:  1017077
SecurityTracker URL:  http://securitytracker.com/id/1017077
CVE Reference:   CVE-2006-5332, CVE-2006-5333, CVE-2006-5334, CVE-2006-5335, CVE-2006-5336, CVE-2006-5337, CVE-2006-5338, CVE-2006-5339, CVE-2006-5340, CVE-2006-5341, CVE-2006-5342, CVE-2006-5343, CVE-2006-5344, CVE-2006-5345, CVE-2006-5346, CVE-2006-5347, CVE-2006-5348, CVE-2006-5349, CVE-2006-5350, CVE-2006-5351, CVE-2006-5352, CVE-2006-5353, CVE-2006-5354, CVE-2006-5355, CVE-2006-5356, CVE-2006-5357, CVE-2006-5358, CVE-2006-5359, CVE-2006-5360, CVE-2006-5361, CVE-2006-5362, CVE-2006-5363, CVE-2006-5364, CVE-2006-5365, CVE-2006-5366, CVE-2006-5367, CVE-2006-5368, CVE-2006-5369, CVE-2006-5370, CVE-2006-5371, CVE-2006-5372, CVE-2006-5373, CVE-2006-5374, CVE-2006-5375, CVE-2006-5376, CVE-2006-5377, CVE-2006-5378   (Links to External Site)
Updated:  Oct 18 2006
Original Entry Date:  Oct 17 2006
Impact:   Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8i, 9i, 10g
Description:   Numerous vulnerabilities were reported in Oracle Database and other Oracle products. The impact was not specified by the vendor.

Oracle released their Critical Patch Update for October 2006, addressing numerous vulnerabilities in Oracle Database, Oracle Application Server, Oracle Application Express, Oracle Collaboration Suite, Oracle Developer Suite, Oracle Pharmaceutical Applications, JD Edwards EnterpriseOne Tools, OneWorld Tools, and PeopleSoft Enterprise Portal product versions.

The following product versions are affected:

* Oracle Database 10g Release 2, version 10.2.0.1, 10.2.0.2
* Oracle Database 10g Release 1, versions 10.1.0.4, 10.1.0.5
* Oracle9i Database Release 2, versions 9.2.0.6, 9.2.0.7
* Oracle8i Database Release 3, version 8.1.7.4
* Oracle Application Express, versions 1.5 - 2.0
* Oracle Application Server 10g Release 3, versions 10.1.3.0.0
* Oracle Application Server 10g Release 2, versions 10.1.2.0.0 - 10.1.2.0.2, 10.1.2.1.0
* Oracle Application Server 10g Release 1 (9.0.4), versions 9.0.4.2, 9.0.4.3
* Oracle Collaboration Suite 10g Release 1, versions 10.1.2.0
* Oracle9i Collaboration Suite Release 2, version 9.0.4.2
* Oracle E-Business Suite Release 11i, versions 11.5.7 - 11.5.10 CU2
* Oracle E-Business Suite Release 11.0
* Oracle Pharmaceutical Applications versions 4.5.0 - 4.5.1
* Oracle PeopleSoft Enterprise People Tools, versions 8.22, 8.46, 8.47, 8.48
* Oracle PeopleSoft Enterprise Portal Solutions, Enterprise Portal, version 8.8, 8.9
* JD Edwards EnterpriseOne Tools, versions 8.95, 8.96
* JD Edwards OneWorld Tools SP23
* Oracle9i Database Release 1, versions 9.0.1.4
* Oracle9i Database Release 1, versions 9.0.1.5, 9.0.1.5 FIPS
* Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1
* Oracle9i Application Server Release 1, version 1.0.2.2
* Oracle Developer Suite, versions 6i, 9.0.4.1, 9.0.4.2, 9.0.4.3, 10.1.2.0.2, 10.1.2.2
* Oracle Database 10g Release 1, version 10.1.0.3
* Oracle9i Database Release 2, version 9.2.0.5
* Oracle Application Server 10g Release 1 (9.0.4), version 9.0.4.1

Oracle has provided no specifics regarding the nature of these vulnerabilities.

Oracle has provided the following maximum CVSS base scores for vulnerabilities that can be exploited by remote users with authentication:

* Oracle Database: 4.2
* Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne: 6.0

Oracle has provided the following maximum CVSS base scores for vulnerabilities that can be exploited by remote users without authentication:

* Oracle HTTP Server: 3.7
* Oracle Application Express: 7.0
* Oracle Application Server: 4.7
* Oracle Collaboration Suite: 3.7
* Oracle E-Business Suite: 4.7
* Oracle Pharmaceutical Applications: 2.2
* Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne: 4.7

Oracle credits the following individuals and organizations with reporting these vulnerabilities:

Johannes Fahrenkrug; Sacha Faust of S.P.I. Dynamics, Inc.; Esteban Martinez Fayo of Application Security, Inc.; Alexander Kornbrust of Red Database Security GmbH; David Litchfield of Next Generation Security Software Ltd.; and Andrew Maksimenko of COMEC-92.

Impact:   The impact was not specified.
Solution:   The vendor has issued a fix, described in their October 2006 Critical Patch Update advisory at:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html

Vendor URL:  www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC