Secunia Security Advisory - Some vulnerabilities and a security issue have been reported in various Oracle products. Some have unknown impacts, others can be exploited by malicious people to cause a DoS (Denial of Service), conduct spoofing attacks, disclose sensitive information, or compromise a vulnerable system.
a214067b0d23aef072a753263c716726676e2b045906bfd59c98dd768b9613da
----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Oracle Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35776
VERIFY ADVISORY:
http://secunia.com/advisories/35776/
DESCRIPTION:
Some vulnerabilities and a security issue have been reported in
various Oracle products. Some have unknown impacts, others can be
exploited by malicious people to cause a DoS (Denial of Service),
conduct spoofing attacks, disclose sensitive information, or
compromise a vulnerable system.
1) Multiple vulnerabilities in JRockit can be exploited by malicious
people to cause a DoS (Denial of Service) or compromise a user's
system.
For more information:
SA34451
2) A vulnerability in Oracle Complex Event Processing can be
exploited to disclose sensitive information.
For more information see vulnerability #1 in:
SA34975
3) An error exists within the processing of certain XML Signature
documents within Oracle WebLogic Server (Web Services Component) and
Oracle Secure Development Toolkit/Oracle Web Services Manager.
For more information, see security issue #4 in:
SA34461
The remaining vulnerabilities are caused due to unspecified errors.
No more information is currently available.
The vulnerabilities are reported in the following products and
versions:
* Oracle Database 11g, version 11.1.0.6, 11.1.0.7
* Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
* Oracle Database 10g, version 10.1.0.5
* Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
* Oracle Application Server 10g Release 2 (10.1.2), version
10.1.2.3.0
* Oracle Application Server 10g Release 3 (10.1.3), versions
10.1.3.3.0, 10.1.3.4.0
* Oracle Identity Management 10g, version 10.1.4.0.1, 10.1.4.2.0,
10.1.4.3.0
* Oracle E-Business Suite Release 12, version 12.1
* Oracle E-Business Suite Release 12, version 12.0.6
* Oracle E-Business Suite Release 11i, version 11.5.10.2
* Oracle Enterprise Manager Database Control 11, version 11.1.0.6,
11.1.0.7
* Oracle Enterprise Manager Grid Control 10g Release 4, version
10.2.0.4
* PeopleSoft Enterprise PeopleTools versions: 8.49
* PeopleSoft Enterprise HRMS versions: 8.9 and 9.0
* Siebel Highly Interactive Client versions: 7.5.3, 7.7.2, 7.8, 8.0,
8.1
* Oracle WebLogic Server 10.3, 10.0MP1
* Oracle WebLogic Server 9.0 GA, 9.1 GA, 9.2 through 9.2 MP3
* Oracle WebLogic Server 8.1 through 8.1 SP6
* Oracle WebLogic Server 7.0 through 7.0 SP7
* Oracle Complex Event Processing 10.3 and WebLogic Event Server 2.0
* Oracle JRockit R27.6.3 and earlier (JDK/JRE 6, 5, 1.4.2)
* Oracle Secure Backup prior to version 10.2.0.3
* Oracle Secure Enterprise Search prior to version 10.1.8.3
SOLUTION:
Apply patches (please see the vendor's advisory).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
* Anonymous of TippingPoint (3com)
* Esteban Martinez Fayo of Application Security, Inc.
* Kowsik Guruswamy of Mu Security
* Joxean Koret
* Alexander Kornbrust of Red Database Security
* David Litchfield of NGS Software
* Oleg P. of HSC Security Portal
* Alexandr Polyakov of Digital Security
* noderat ratty
* Dennis Yurichev
CHANGELOG:
2009-07-15: Updated advisory to include security issue #3.
ORIGINAL ADVISORY:
Oracle:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
OTHER REFERENCES:
SA34451:
http://secunia.com/advisories/34451/
SA34461:
http://secunia.com/advisories/34461/
SA34975:
http://secunia.com/advisories/34975/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------