Status Tracking Note JVNTR-2010-01

Oracle Updates for Multiple Vulnerabilities (TA10-012A)

Overview

Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

Event Information

Date (UTC)    Description
2010-01-13 18:05 Oracle
Critical Patch Update - January 2010
2010-01-12 22:04 US-CERT
TA10-012A: Oracle Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2010-01-12 21:19 SANS Internet Storm Center
Oracle Patches Released
Oracle patches are complex and cover far more than just the database. Among other products, this release covers the Oracle Application Server and the Oracle WebLogic Server.
2010-01-12 20:31 US-CERT
Oracle Releases Critical Patch Update for January 2010
US-CERT Current Activity
Oracle has released its Critical Patch Update for January 2010 to address 24 vulnerabilities across several products.
2009-04-20 Zero Day Initiative (ZDI)
ZDI-10-002: Oracle Secure Backup observiced.exe Remote Code Execution Vulnerability
Vulnerability (CVE-2010-0072) Reported
The specific flaw exists in the Oracle Secure Backup Services daemon observiced.exe listening on TCP port 10000 by default. Due to the lack of bounds checking on the reverse lookup of connections to the port, a stack overflow can occur leading to a complete compromise of the affected system under the credentials of the SYSTEM account.

Reference

Date first published (UTC): 2010-01-19T23:13+00:00
Date last updated (UTC): 2010-01-19T23:13+00:00