Oracle Critical Patch Update - January 2007

oracle-cpu-jan2007 (31541) The risk level is classified as HighHigh Risk

Description:

Oracle Critical Patch Update - January 2007 contains fixes for multiple security vulnerabilities affecting various Oracle products and components. These vulnerabilities include multiple SQL injection issues and multiple unspecified issues, the most serious of which could be used to gain complete control over an affected system.

Platforms Affected:

  • Oracle, Application Server 1.0.2.2
  • Oracle, Application Server 10.1.2.0.0 R2
  • Oracle, Application Server 10.1.2.0.1 R2
  • Oracle, Application Server 10.1.2.0.2 R2
  • Oracle, Application Server 10.1.2.1.0 R2
  • Oracle, Application Server 10.1.2.2.0 R2
  • Oracle, Application Server 10.1.3.0.0 R3
  • Oracle, Application Server 10.1.3.1.0 R3
  • Oracle, Application Server 9.0.2.3 R2
  • Oracle, Application Server 9.0.4.1
  • Oracle, Application Server 9.0.4.2
  • Oracle, Application Server 9.0.4.3
  • Oracle, Database Server 10.1.0.3 R1
  • Oracle, Database Server 10.1.0.4 R1
  • Oracle, Database Server 10.1.0.5 R1
  • Oracle, Database Server 10.2.0.1 R2
  • Oracle, Database Server 10.2.0.2 R2
  • Oracle, Database Server 10.2.0.3 R2
  • Oracle, Database Server 8.1.7.4
  • Oracle, Database Server 9.0.1.4 R1
  • Oracle, Database Server 9.0.1.5 R1
  • Oracle, Database Server 9.0.1.5 FIPS
  • Oracle, Database Server 9.2.0.5 R2
  • Oracle, Database Server 9.2.0.6 R2
  • Oracle, Database Server 9.2.0.7 R2
  • Oracle, Database Server 9.2.0.8 R2
  • Oracle, Developer Suite 10.1.2.0.2
  • Oracle, Developer Suite 6i
  • Oracle, Developer Suite 9.0.4.3
  • Oracle, E-Business Suite 11.0
  • Oracle, E-Business Suite 11.5.10
  • Oracle, E-Business Suite 11.5.10 CU2
  • Oracle, E-Business Suite 11.5.7
  • Oracle, E-Business Suite 11.5.8
  • Oracle, E-Business Suite 11.5.9
  • Oracle, Enterprise Manager Grid Control 10.1.0.3
  • Oracle, Enterprise Manager Grid Control 10.1.0.4
  • Oracle, Enterprise Manager Grid Control 10.1.0.5
  • Oracle, Enterprise Manager Grid Control 10.2.0.1
  • Oracle, Identity Management 10g 10.1.4.0.1
  • Oracle, PeopleSoft Enterprise PeopleTools 8.22
  • Oracle, PeopleSoft Enterprise PeopleTools 8.47
  • Oracle, PeopleSoft Enterprise PeopleTools 8.48

Remedy:

Refer to Oracle Critical Patch Update - January 2007 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Informational

References:

  • IBM Internet Security Systems X-Force Database, Oracle Application Server RWCGI60 genuser cross-site scripting at http://xforce.iss.net/xforce/xfdb/31584.
  • IBM Internet Security Systems X-Force Database, Oracle Database DBMS_CAPTURE_ADM_INTERNAL multiple buffer overflows at http://xforce.iss.net/xforce/xfdb/32376.
  • IBM Internet Security Systems X-Force Database, Oracle Database DBMS_LOGREP_UTIL GET_OBJECT_NAME buffer overflow at http://xforce.iss.net/xforce/xfdb/32375.
  • IBM Internet Security Systems X-Force Database, Oracle Application Server EmChartBean directory traversal at http://xforce.iss.net/xforce/xfdb/31572.
  • IBM Internet Security Systems X-Force Database, Oracle Database SYS.DBMS_AQ SQL injection at http://xforce.iss.net/xforce/xfdb/31575.
  • IBM Internet Security Systems X-Force Database, Oracle Notification Service (ONS) TCP packet buffer overflow at http://xforce.iss.net/xforce/xfdb/31580.
  • IBM Internet Security Systems X-Force Database, Oracle Database XMLDB unspecified cross-site scripting at http://xforce.iss.net/xforce/xfdb/31582.
  • IBM Internet Security Systems X-Force Database, Oracle Enteprise Grid Console OPMN daemon format string at http://xforce.iss.net/xforce/xfdb/37454.
  • IBM Internet Security Systems X-Force Database, Oracle Database DBMS_DRS GET_PROPERTY buffer overflow at http://xforce.iss.net/xforce/xfdb/32371.
  • IBM Internet Security Systems X-Force Database, Oracle Database DBMS_LOGMNR ADD_LOGFILE buffer overflow at http://xforce.iss.net/xforce/xfdb/32372.
  • IBM Internet Security Systems X-Force Database, Oracle Database MDSYS.MD multiple buffer overflows at http://xforce.iss.net/xforce/xfdb/32373.
  • IBM Internet Security Systems X-Force Database, Oracle Database DBMS_REPCAT_UNTRUSTED UNREGISTER_SNAPSHOT buffer overflow at http://xforce.iss.net/xforce/xfdb/32374.
  • Oracle Critical Patch Update - January 2007, Oracle Critical Patch Update - January 2007 at http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html.
  • Red-Database-Security Web site, Details Oracle Critical Patch Update January 2007 at http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html.
  • US-CERT Technical Cyber Security Alert TA07-017A, Oracle Releases Patches for Multiple Vulnerabilities at http://www.us-cert.gov/cas/techalerts/TA07-017A.html.
  • BID-22008: Retired: Oracle January 2007 Advance Notification Multiple Vulnerabilities
  • CVE-2007-0268: Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.
  • CVE-2007-0269: Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.
  • CVE-2007-0270: Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via the GET_PROPERTY function in SYS.DBMS_DRS, aka DB03.
  • CVE-2007-0271: Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution.
  • CVE-2007-0272: Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05.
  • CVE-2007-0273: Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities.
  • CVE-2007-0274: Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL.
  • CVE-2007-0275: Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.
  • CVE-2007-0276: Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).
  • CVE-2007-0277: Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.
  • CVE-2007-0278: Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).
  • CVE-2007-0279: Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.
  • CVE-2007-0280: Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS).
  • CVE-2007-0281: Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.
  • CVE-2007-0282: Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.
  • CVE-2007-0283: Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02.
  • CVE-2007-0284: Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04.
  • CVE-2007-0285: Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01.
  • CVE-2007-0286: Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.
  • CVE-2007-0287: Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.
  • CVE-2007-0288: Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.
  • CVE-2007-0289: Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06.
  • CVE-2007-0290: Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06).
  • CVE-2007-0291: Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.
  • CVE-2007-0292: Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. NOTE: EM05 might be related to CVE-2007-0222.
  • CVE-2007-0293: Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console. NOTE: EM05 might be related to CVE-2007-0222.
  • CVE-2007-0294: Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.
  • CVE-2007-0295: Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.
  • CVE-2007-0296: Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.
  • CVE-2007-0297: Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.
  • SA23794: Oracle Products Multiple Vulnerabilities
  • SECTRACK ID: 1017522: Oracle Database and Other Products Have 52 Unspecified Vulnerabilities With Unspecified Impact
  • US-CERT VU#221788: Oracle SYS.DBMS_AQ package vulnerable to PL/SQL injection

Reported:

Jan 16, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page