Published: 2007-10-21T21:40+00:00    Last Updated: 2008-05-25T04:15+00:00

TRTA07-290A
Oracle Updates for Multiple Vulnerabilties

Overview

Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

Event Information

Date (UTC)Description
2007-10-26 13:03 Bugtraq
Oracle 10g/11g SYS.LT.FINDRICSET Local SQL Injection Exploit
Vulnerability Proof Of Concept (CVE-2007-5511)
#Cid: sys-lt-findricset.pl
2007-10-26 13:03 Bugtraq
Oracle 10g/11g SYS.LT.FINDRICSET Local SQL Injection Exploit (2)
Vulnerability Proof Of Concept (CVE-2007-5511)
#Cid: sys-lt-findricsetV2.pl
2007-10-26 Bugtraq
Oracle 10g LT.FINDRICSET Local SQL Injection Exploit (IDS evasion)
Vulnerability Proof Of Concept (CVE-2007-5511)
2007-10-23 Bugtraq
Oracle 10g CTX_DOC.MARKUP SQL Injection Exploit
Vulnerability Proof Of Concept (CVE-2007-5508)
#Cid: 26101.sql
2007-10-17 19:13 US-CERT
TA07-290A: Oracle Updates for Multiple Vulnerabilties
Via US-CERT Mailing List
Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
2007-10-17 13:24 US-CERT
Oracle Releases October Critical Patch Update
Oracle has released their October Critical Patch Update (CPU) to address 51 vulnerabilities across several products. This CPU contains twenty-eight security fixes for Oracle Database; eleven for Oracle Application Server; seven for Oracle Collaboration Suite; eight for Oracle E-Business Suite; two for Oracle Enterprise Manager; two for Oracle PeopleSoft Enterprise PeopleTools; and one for PeopleSoft Enterprise Human Capital Management.
2007-10-16 20:47 Oracle
Oracle Critical Patch Update - October 2007
2006-08-23 NGSSoftware
#NISR17102007B: SQL Injection Flaw in Oracle Workspace Manager
Vulnerability Reported
The Workspace Manager in Oracle 10g release 1 and 2 and Oracle 9i is vulnerable to SQL injection.
2006-06-23 NGSSoftware
#NISR17102007D: Oracle RDBMS Data packet DoS
Oracle Database Vuln# DB20
Vulnerability Reported
The Oracle RDBMS on receiving an invalid TNS data packet will use 100% of the CPU's time introducing a Denial of Service condition.
2006-06-22 NGSSoftware
#NISR17102007C: Oracle TNS Listener DoS and/or remote memory inspection
Oracle Database Vuln# DB22
Vulnerability Reported
The TNS Listener can be crashed by an attacker causing a Denial of Service; alternatively the attacker can use the same flaw to expose memory contents remotely. This may reveal sensitive information.
2006-06-06 NGSSoftware
#NISR17102007A: Multiple SQL Injection Flaws in Oracle CTX_DOC package
Oracle Database Vuln# DB03
Vulnerability Reported
The Intermedia application in Oracle 10g release 1 and 2 is vulnerable to SQL injection.
2006-03-09 NGSSoftware
#NISR17102007E: Oracle audit issue with XMLDB ftp service
Oracle Database Vuln# DB23
Vulnerability Reported
The Oracle XML DB ftp service contains problems with auditing logins.
2005-02-25 Application Security Inc.
Team SHATTER Security Alert Oracle 2007-08: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO
Vulnerability Reported
Oracle Database Server provides the SYS.DBMS_AQADM_SYS package that is used internally by the SYS.DBMS_AQADM package to provide procedures to manage Oracle Streams Advanced Queuing (AQ) configuration and administration information. This package contains the procedure DBLINK_INFO which is vulnerable to buffer overflow attacks.
2005-02-25 Application Security Inc.
Team SHATTER Security Alert Oracle 2007-09: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM
Vulnerability Reported
Oracle Database Server provides the MDSYS.SDO_CS package that contains subprograms for working with coordinate systems. This package contains the function TRANSFORM which is vulnerable to buffer overflow attacks.