Oracle Critical Patch Update - January 2007

oracle-cpu-jan2007 (31541) The risk level is classified as HighHigh Risk

Description:

Oracle Critical Patch Update - January 2007 contains fixes for multiple security vulnerabilities affecting various Oracle products and components. These vulnerabilities include multiple SQL injection issues and multiple unspecified issues, the most serious of which could be used to gain complete control over an affected system.


Consequences:

Informational

Remedy:

Refer to Oracle Critical Patch Update - January 2007 for patch, upgrade, or suggested workaround information. See References.

References:

  • IBM Internet Security Systems X-Force Database: Oracle Application Server RWCGI60 genuser cross-site scripting.
  • IBM Internet Security Systems X-Force Database: Oracle Database DBMS_CAPTURE_ADM_INTERNAL multiple buffer overflows.
  • IBM Internet Security Systems X-Force Database: Oracle Database DBMS_LOGREP_UTIL GET_OBJECT_NAME buffer overflow.
  • IBM Internet Security Systems X-Force Database: Oracle Application Server EmChartBean directory traversal.
  • IBM Internet Security Systems X-Force Database: Oracle Database SYS.DBMS_AQ SQL injection.
  • IBM Internet Security Systems X-Force Database: Oracle Notification Service (ONS) TCP packet buffer overflow.
  • IBM Internet Security Systems X-Force Database: Oracle Database XMLDB unspecified cross-site scripting.
  • IBM Internet Security Systems X-Force Database: Oracle Enteprise Grid Console OPMN daemon format string.
  • IBM Internet Security Systems X-Force Database: Oracle Database DBMS_DRS GET_PROPERTY buffer overflow.
  • IBM Internet Security Systems X-Force Database: Oracle Database DBMS_LOGMNR ADD_LOGFILE buffer overflow.
  • IBM Internet Security Systems X-Force Database: Oracle Database MDSYS.MD multiple buffer overflows.
  • IBM Internet Security Systems X-Force Database: Oracle Database DBMS_REPCAT_UNTRUSTED UNREGISTER_SNAPSHOT buffer overflow.
  • Oracle Critical Patch Update - January 2007: Oracle Critical Patch Update Advisory - January 2007.
  • Red-Database-Security Web site: Details Oracle Critical Patch Update January 2007.
  • US-CERT Technical Cyber Security Alert TA07-017A: Oracle Releases Patches for Multiple Vulnerabilities.
  • BID-22008: Retired: Oracle January 2007 Advance Notification Multiple Vulnerabilities
  • CVE-2007-0268: Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.
  • CVE-2007-0269: Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.
  • CVE-2007-0270: Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via the GET_PROPERTY function in SYS.DBMS_DRS, aka DB03.
  • CVE-2007-0271: Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution.
  • CVE-2007-0272: Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05.
  • CVE-2007-0273: Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities.
  • CVE-2007-0274: Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL.
  • CVE-2007-0275: Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.
  • CVE-2007-0276: Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).
  • CVE-2007-0277: Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.
  • CVE-2007-0278: Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).
  • CVE-2007-0279: Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.
  • CVE-2007-0280: Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS).
  • CVE-2007-0281: Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.
  • CVE-2007-0282: Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.
  • CVE-2007-0283: Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02.
  • CVE-2007-0284: Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04.
  • CVE-2007-0285: Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01.
  • CVE-2007-0286: Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.
  • CVE-2007-0287: Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.
  • CVE-2007-0288: Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.
  • CVE-2007-0289: Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06.
  • CVE-2007-0290: Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06).
  • CVE-2007-0291: Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.
  • CVE-2007-0292: Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. NOTE: EM05 might be related to CVE-2007-0222.
  • CVE-2007-0293: Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console. NOTE: EM05 might be related to CVE-2007-0222.
  • CVE-2007-0294: Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.
  • CVE-2007-0295: Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.
  • CVE-2007-0296: Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.
  • CVE-2007-0297: Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.
  • OSVDB ID: 32872: Oracle PeopleSoft PeopleTools PIA Component HTTP Unspecified Remote DoS
  • OSVDB ID: 32873: Oracle PeopleSoft PeopleTools PIA Component HTTP Unspecified Information Disclosure
  • OSVDB ID: 32874: Oracle PeopleSoft PeopleTools HTTP Unspecified Authenticated XSS
  • OSVDB ID: 32880: Oracle Enterprise Manager Cloning & Data Guard Management Unspecified Information Disclosure
  • OSVDB ID: 32881: Oracle HTTP Server SSL Module Unspecified Remote Issue (OHS01)
  • OSVDB ID: 32882: Oracle HTTP Server SSL Module Unspecified Remote Issue (OHS02)
  • OSVDB ID: 32883: Oracle HTTP Server Unspecified Issue (OHS03)
  • OSVDB ID: 32884: Oracle HTTP Server Unspecified Issue (OHS04)
  • OSVDB ID: 32885: Oracle HTTP Server SSL Module Unspecified Remote DoS (OHS05)
  • OSVDB ID: 32886: Oracle HTTP Server SSL Module Unspecified Remote DoS (OHS06)
  • OSVDB ID: 32887: Oracle HTTP Server Unspecified Information Disclosure
  • OSVDB ID: 32888: Oracle E-Business Suite Application Object Library HTTP Authenticated Unspecified Issue
  • OSVDB ID: 32889: Oracle E-Business Suite Exchange HTTP Negotiations User Unspecified Information Disclosure
  • OSVDB ID: 32890: Oracle E-Business Suite Human Resources Administrator Unspecified Information Disclosure
  • OSVDB ID: 32891: Oracle E-Business Suite Payables User Account Unspecified Information Disclosure
  • OSVDB ID: 32892: Oracle E-Business Suite Trading Community Architecture Administrator Unspecified Information Disclosure
  • OSVDB ID: 32893: Oracle E-Business Suite Web Applications Desktop Integrator Unspecified Issue
  • OSVDB ID: 32894: Oracle Multiple Products Reports Developer HTTP Unspecified Issue
  • OSVDB ID: 32895: Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J01)
  • OSVDB ID: 32896: Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J02)
  • OSVDB ID: 32897: Oracle Multiple Products Containers for J2EE HTTP Unspecified Information Disclosure (OC4J03)
  • OSVDB ID: 32898: Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J04)
  • OSVDB ID: 32899: Oracle Collaboration Suite Containers for J2EE HTTP Unspecified Information Disclosure (OC4J05)
  • OSVDB ID: 32900: Oracle Collaboration Suite Containers for J2EE HTTP Unspecified Issue (OC4J06)
  • OSVDB ID: 32901: Oracle Multiple Products Containers for J2EE Unauthenticated Unspecified Information Disclosure
  • OSVDB ID: 32902: Oracle Multiple Products Containers for J2EE jazn.jar Local Information Disclosure
  • OSVDB ID: 32903: Oracle Application Server Internet Directory LDAP Unspecified Information Disclosure
  • OSVDB ID: 32904: Oracle Multiple Products Process Mgmt & Notification ONS OPMN Daemon Remote Format String (OPMN02)
  • OSVDB ID: 32906: Oracle Multiple Products Workflow Cartridge rwcgi60 genuser Parameter XSS
  • OSVDB ID: 32908: Oracle Database Change Data Capture sys.dbms_cdc_subscribe Unspecified Issue
  • OSVDB ID: 32916: Oracle Database Advanced Security Option oklist / okdstry Unspecified Local Issue
  • OSVDB ID: 32917: Oracle Database Export expdp / impdp Unspecified Local Issue
  • OSVDB ID: 32918: Oracle Database NLS Runtime lmsgen Unspecified Local Issue
  • OSVDB ID: 32919: Oracle Database Net Services tnslsnr Unspecified Local Issue
  • OSVDB ID: 32920: Oracle Database Text ctxkbtc Unspecified Local Issue
  • OSVDB ID: 32922: Oracle Database Recovery Manager oklist Unspecified Local Issue
  • SA23794: Oracle Products Multiple Vulnerabilities
  • SECTRACK ID: 1017522: Oracle Database and Other Products Have 52 Unspecified Vulnerabilities With Unspecified Impact
  • US-CERT VU#221788: Oracle SYS.DBMS_AQ package vulnerable to PL/SQL injection

Platforms Affected:

  • Oracle Application Server 1.0.2.2
  • Oracle Application Server 10.1.2.0.0 R2
  • Oracle Application Server 10.1.2.0.1 R2
  • Oracle Application Server 10.1.2.0.2 R2
  • Oracle Application Server 10.1.2.1.0 R2
  • Oracle Application Server 10.1.2.2.0 R2
  • Oracle Application Server 10.1.3.0.0 R3
  • Oracle Application Server 10.1.3.1.0 R3
  • Oracle Application Server 9.0.2.3 R2
  • Oracle Application Server 9.0.4.1
  • Oracle Application Server 9.0.4.2
  • Oracle Application Server 9.0.4.3
  • Oracle Database Server 10.1.0.3 R1
  • Oracle Database Server 10.1.0.4 R1
  • Oracle Database Server 10.1.0.5 R1
  • Oracle Database Server 10.2.0.1 R2
  • Oracle Database Server 10.2.0.2 R2
  • Oracle Database Server 10.2.0.3 R2
  • Oracle Database Server 8.1.7.4
  • Oracle Database Server 9.0.1.4 R1
  • Oracle Database Server 9.0.1.5 R1
  • Oracle Database Server 9.0.1.5 FIPS
  • Oracle Database Server 9.2.0.5 R2
  • Oracle Database Server 9.2.0.6 R2
  • Oracle Database Server 9.2.0.7 R2
  • Oracle Database Server 9.2.0.8 R2
  • Oracle Developer Suite 10.1.2.0.2
  • Oracle Developer Suite 6i
  • Oracle Developer Suite 9.0.4.3
  • Oracle E-Business Suite 11.0
  • Oracle E-Business Suite 11.5.10
  • Oracle E-Business Suite 11.5.10 CU2
  • Oracle E-Business Suite 11.5.7
  • Oracle E-Business Suite 11.5.8
  • Oracle E-Business Suite 11.5.9
  • Oracle Enterprise Manager Grid Control 10.1.0.3
  • Oracle Enterprise Manager Grid Control 10.1.0.4
  • Oracle Enterprise Manager Grid Control 10.1.0.5
  • Oracle Enterprise Manager Grid Control 10.2.0.1
  • Oracle Identity Management 10g 10.1.4.0.1
  • Oracle PeopleSoft Enterprise PeopleTools 8.22
  • Oracle PeopleSoft Enterprise PeopleTools 8.47
  • Oracle PeopleSoft Enterprise PeopleTools 8.48

Reported:

Jan 16, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page