Status Tracking Note TRTA08-017A

Oracle Updates for Multiple Vulnerabilities

Overview

Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

Event Information


Date (UTC)  Description
2008-01-28 Bugtraq
Oracle 10g R1 xDb.XDB_PITRIG_PKG.PITRIG_DROP - SQL Injection Exploit (get password Hashes)
Vulnerability Proof Of Concept
#Cid: 27229-XDB_PITRIG_PKG.PITRIG_DROP.sql
#Tested: oracle 10.1.0.2.0
2008-01-28 Bugtraq
Oracle 10g R1 xDb.XDB_PITRIG_PKG.PITRIG_TRUNCATE - SQL Injection Exploit (get password Hashes)
Vulnerability Proof Of Concept
#Cid: 27229-XDB_PITRIG_PKG.PITRIG_TRUNCATE.sql
#Tested: oracle 10.1.0.2.0
2008-01-28 Bugtraq
Oracle 10g R1 xDb.XDB_PITRIG_PKG.PITRIG_DROP - SQL Injection Exploit (change system password)
Vulnerability Proof Of Concept
#Cid: 27229-XDB_PITRIG_PKG.PITRIG_DROP-2.sql
#Tested: oracle 10.1.0.2.0
2008-01-28 Bugtraq
Oracle 10g R1 xDb.XDB_PITRIG_PKG.PITRIG_TRUNCATE - BUFFER OVERFLOW (POC exploit, Crash database)
Vulnerability Proof Of Concept
#Cid: 27229-XDB_PITRIG_PKG.PITRIG_TRUNCATE-2.sql
#Tested: oracle 10.1.0.2.0
2008-01-17 19:42 US-CERT
TA08-017A: Oracle Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
2008-01-17 13:30 Hewlett-Packard
HPSBMA02133: SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update
2008-01-16 18:18 US-CERT
Oracle Releases October Critical Patch Update
US-CERT Current Activity
Oracle has released their Critical Patch Update (CPU) for January 2008 to address 26 vulnerabilities across several products. This CPU contains eight security fixes for Oracle Database products; six for Oracle Application Server; one for Oracle Collaboration Suite; seven for Oracle E-Business Suite; and four for Oracle PeopleSoft Enterprise PeopleTools.
2008-01-15 22:55 Oracle
Oracle Critical Patch Update Advisory - January 2008
2008-01-15 21:02 SANS Internet Storm Center
Oracle releases January 2008 Critical Patch Update
The January 2008 Critical Patch Update contains 27 security fixes, of which the highest CVSS score is 6.8 for servers and 9.3 for Application Server clients.


Date first published (UTC): 2008-01-21T10:58+00:00
Date last updated (UTC): 2008-02-25T02:10+00:00