SecurityTracker.com
Category:  Application (Generic)  >  Oracle Application Server
Vendors:  Oracle
Oracle Application Server Has Multiple Portal and iSQL*Plus Flaws That Let Remote Users Take Control of the Server
SecurityTracker Alert ID:  1011126
SecurityTracker URL:  http://securitytracker.com/id?1011126
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Sep 1 2004
Impact:  User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Advisory:  NGSSoftware
Version(s): 9i and 10g; 9.0.4.1, 9.0.4.0, 9.0.3.1, 9.0.2.3, and 1.0.2.2
Description:  Multiple vulnerabilities were reported in Oracle's Application Server. A remote user can obtain control of the application server.

In July 2004, NGSSoftware reported 34 vulnerabilities in Oracle's Database Server and Application Server products, most of which are considered critical. The vulnerabilities include buffer overflows, PL/SQL injection, trigger abuse, character set conversion errors, and denial of service bugs.

The Portal and iSQL*Plus components of Oracle Application Server are affected.

Specific details have not been published. However, NGSSoftware plans to issue details by December 2004.

Impact:  A remote user can take control of the application server.
Solution:  Oracle has issued a fix. Patch information is provided in MetaLink Document ID 281189.1, available at:

http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1

A fix is available in Oracle Application Server 10g (9.0.4) and will be included in version 9.0.4.2.

Vendor URL:  www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
Cause:  Boundary error, Input validation error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   None.



Copyright 2004, SecurityGlobal.net LLC