Oracle Updates for Multiple Vulnerabilities
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/TRTA07-290A.html
JVNRSS based Status Tracking Notes: Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
JVNRSS Feasibility Study Team
jvn@jvn.jp
TRTA07-290A
2008-05-25T04:15+00:00, 2007-10-21T21:40+00:00, 2008-05-25T04:15+00:00

Oracle 10g/11g SYS.LT.FINDRICSET Local SQL Injection Exploit
http://www.securityfocus.com/bid/26098?jvntrev=1
Vulnerability Proof Of Concept (CVE-2007-5511)
#Cid: sys-lt-findricset.pl
Bugtraq
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5511
2007-10-26T15:03+02:00, 2007-10-26T15:03+02:00, 2007-10-26T15:03+02:00

Oracle 10g/11g SYS.LT.FINDRICSET Local SQL Injection Exploit (2)
http://www.securityfocus.com/bid/26098?jvntrev=2
Vulnerability Proof Of Concept (CVE-2007-5511)
#Cid: sys-lt-findricsetV2.pl
Bugtraq
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5511
2007-10-26T15:03+02:00, 2007-10-26T15:03+02:00, 2007-10-26T15:03+02:00

Oracle 10g LT.FINDRICSET Local SQL Injection Exploit (IDS evasion)
http://www.securityfocus.com/bid/26098?jvntrev=3
Vulnerability Proof Of Concept (CVE-2007-5511)
Bugtraq
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5511
2007-10-26, 2007-10-26, 2007-10-26

Oracle 10g CTX_DOC.MARKUP SQL Injection Exploit
http://www.securityfocus.com/bid
Vulnerability Proof Of Concept (CVE-2007-5508)
#Cid: 26101.sql
Bugtraq
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5508
2007-10-23, 2007-10-23, 2007-10-23

Oracle Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
Via US-CERT Mailing List
Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
US-CERT
TA07-290A
2007-10-17T15:13-04:00, 2007-10-17T15:13-04:00, 2007-10-17T15:13-04:00

Oracle Releases October Critical Patch Update
http://www.us-cert.gov/current/archive/2007/10/17/archive.html#oracle_releases_october_critical_patch
Oracle has released their October Critical Patch Update (CPU) to address 51 vulnerabilities across several products. This CPU contains twenty-eight security fixes for Oracle Database; eleven for Oracle Application Server; seven for Oracle Collaboration Suite; eight for Oracle E-Business Suite; two for Oracle Enterprise Manager; two for Oracle PeopleSoft Enterprise PeopleTools; and one for PeopleSoft Enterprise Human Capital Management.
US-CERT
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
2007-10-17T09:24-04:00, 2007-10-17T09:24-04:00, 2007-10-17T09:24-04:00

Oracle Critical Patch Update - October 2007
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html
Oracle
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
2007-10-16T20:47+00:00, 2007-10-16T20:47+00:00, 2007-10-16T20:47+00:00

SQL Injection Flaw in Oracle Workspace Manager
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-workspace-manager/
Vulnerability Reported
The Workspace Manager in Oracle 10g release 1 and 2 and Oracle 9i is vulnerable to SQL injection.
NGSSoftware
#NISR17102007B
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5511
2006-08-23, 2006-08-23, 2006-08-23

Oracle RDBMS Data packet DoS
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-rdbms/
Oracle Database Vuln# DB20
Vulnerability Reported
The Oracle RDBMS, on receiving an invalid TNS data packet, will use 100% of the CPU's time, introducing a Denial of Service condition.
NGSSoftware
#NISR17102007D
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5506
2006-06-23, 2006-06-23, 2006-06-23

Oracle TNS Listener DoS and/or remote memory inspection
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-tns-listener/
Oracle Database Vuln# DB22
Vulnerability Reported
The TNS Listener can be crashed by an attacker causing a Denial of Service; alternatively the attacker can use the same flaw to expose memory contents remotely. This may reveal sensitive information.
NGSSoftware
#NISR17102007C
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5507
2006-06-22, 2006-06-22, 2006-06-22

Multiple SQL Injection Flaws in Oracle CTX_DOC package
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc/
Oracle Database Vuln# DB03
Vulnerability Reported
The Intermedia application in Oracle 10g release 1 and 2 is vulnerable to SQL injection.
NGSSoftware
#NISR17102007A
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5508
2006-06-06, 2006-06-06, 2006-06-06

Oracle audit issue with XMLDB ftp service
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ftp-service/
Oracle Database Vuln# DB23
Vulnerability Reported
The Oracle XML DB ftp service contains problems with auditing logins.
NGSSoftware
#NISR17102007E
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5513
2006-03-09, 2006-03-09, 2006-03-09

Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO
http://www.appsecinc.com/resources/alerts/oracle/2007-08.shtml
Vulnerability Reported
Oracle Database Server provides the SYS.DBMS_AQADM_SYS package that is used internally by the SYS.DBMS_AQADM package to provide procedures to manage Oracle Streams Advanced Queuing (AQ) configuration and administration information. This package contains the procedure DBLINK_INFO which is vulnerable to buffer overflow attacks.
Application Security Inc.
Team SHATTER Security Alert Oracle 2007-08
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html
2005-02-25, 2005-02-25

Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM
http://www.appsecinc.com/resources/alerts/oracle/2007-09.shtml
Vulnerability Reported
Oracle Database Server provides the MDSYS.SDO_CS package that contains subprograms for working with coordinate systems. This package contains the function TRANSFORM which is vulnerable to buffer overflow attacks.
Application Security Inc.
Team SHATTER Security Alert Oracle 2007-09
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html
2005-02-25, 2005-02-25