Oracle Products Multiple Unspecified Vulnerabilities

Thursday, April 14 2005 @ 12:09 PM EDT

Multiple vulnerabilities have been reported in various Oracle products. Some have an unknown impact, and others can be exploited to gain knowledge of sensitive information, manipulate data, or cause a DoS (Denial of Service).

The following supported products are affected by one or more vulnerabilities:
* Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3, 10.1.0.3.1, 10.1.0.4.
* Oracle9i Database Server Release 2, versions 9.2.0.5, 9.2.0.6
* Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5, 9.0.4 (9.0.1.5 FIPS)
* Oracle8i Database Server Release 3, version 8.1.7.4
* Oracle Application Server 10g Release 2 (10.1.2)
* Oracle Application Server 10g (9.0.4), versions 9.0.4.0, 9.0.4.1
* Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1
* Oracle9i Application Server Release 1, version 1.0.2.2
* Oracle Collaboration Suite Release 2, versions 9.0.4.1, 9.0.4.2
* Oracle E-Business Suite and Applications Release 11i, versions 11.5.0 through 11.5.10
* Oracle E-Business Suite and Applications Release 11.0
* Oracle Enterprise Manager Grid Control 10g, versions 10.1.0.2, 10.1.0.3
* Oracle Enterprise Manager versions 9.0.4.0, 9.0.4.1
* PeopleSoft EnterpriseOne Applications, versions 8.9 SP2 and 8.93
* PeopleSoft OneWorldXe/ERP8 Applications, versions SP22 and higher

NOTE: Consult the original vendor advisory for a vulnerability matrix detailing affected components, requirements, and impact.

SOFTWARE:
Oracle Application Server 10g
Oracle Collaboration Suite Release 2
Oracle Database 8.x
Oracle Database Server 10g
Oracle E-Business Suite 11i
Oracle Enterprise Manager 10.x
Oracle Enterprise Manager 9.x
Oracle9i Application Server
Oracle9i Database Enterprise Edition
Oracle9i Database Standard Edition
PeopleSoft EnterpriseOne Applications 8.x
PeopleSoft OneWorldXe/ERP8 Applications

SOLUTION:
Apply patches (see vendor advisory).

PROVIDED AND/OR DISCOVERED BY:
The vendor credits the following people:
* Esteban Martínez Fayó, Application Security Inc.
* Stephen Kost, Integrigy.
* David Litchfield, NGSSoftware.

ORIGINAL ADVISORY:
Oracle:
http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf

VERIFY ADVISORY:
http://secunia.com/advisories/14935/

Secunia Security Advisories
