Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
(HP Issues Advisory for Oracle for OpenView) Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact
|
|
SecurityTracker Alert ID: 1015532 |
|
SecurityTracker URL: http://securitytracker.com/id/1015532
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jan 24 2006
|
Impact:
Not specified
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Oracle for OpenView (OfO) versions 8.1.7, 9.1.01, and 9.2
|
Description:
Numerous vulnerabilities were reported in Oracle Database and other Oracle products. The impact was not specified by the vendor. Oracle for OpenView is affected.
Oracle released their Critical Patch Update for January 2006, addressing numerous vulnerabilities in Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle Enterprise Manager, and PeopleSoft Enterprise Portal product versions.
The most severe of the vulnerabilities are described by the vendor has having a "Wide" impact on the confidentiality, availability, and integrity of the system.
The following product versions are affected:
* Oracle Database 10g Release 2, version 10.2.0.1
* Oracle Database 10g Release 1, versions 10.1.0.3, 10.1.0.4, 10.1.0.5
* Oracle9i Database Release 2, versions 9.2.0.6, 9.2.0.7
* Oracle8i Database Release 3, version 8.1.7.4
* Oracle Enterprise Manager 10g Grid Control, versions 10.1.0.3, 10.1.0.4
* Oracle Application Server 10g Release 2, versions 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1.0
* Oracle Application Server 10g Release 1 (9.0.4), versions 9.0.4.1, 9.0.4.2
* Oracle Collaboration Suite 10g Release 1, versions 10.1.1, 10.1.2
* Oracle9i Collaboration Suite Release 2, version 9.0.4.2
* Oracle E-Business Suite Release 11i, versions 11.5.1 through 11.5.10 CU2
* Oracle E-Business Suite Release 11.0
* PeopleSoft Enterprise Portal, versions 8.4, 8.8, 8.9
* JD Edwards EnterpriseOne Tools, OneWorld Tools, versions 8.95.F1, SP23_L1
* Oracle Database 10g Release 1, version 10.1.0.4.2
* Oracle Developer Suite, versions 6i, 9.0.2.1, 9.0.4.1, 9.0.4.2, 10.1.2.0
* Oracle Workflow, versions 11.5.1 through 11.5.9.5
* Oracle9i Database Release 1, versions 9.0.1.4, 9.0.1.5, 9.0.1.5 FIPS
* Oracle8 Database Release 8.0.6, version 8.0.6.3
* Oracle9i Application Server Release 1, version 1.0.2.2
Oracle has provided no specifics regarding the nature of these vulnerabilities.
Oracle credits the following individuals and organizations with reporting these vulnerabilities:
Raffaele Amendola; Cesar Cerrudo and Esteban Martinez Fayo of Application Security, Inc.; Joxean Koret; Alexander Kornbrust of Red Database Security GmbH; David Litchfield of Next Generation Security Software Ltd.; Srinivas Nookala of Cenzic, Inc.; Steve Orrin formally of Watchfire, Inc.; Amichai Shulman of Imperva, Inc.
|
Impact:
The vendor did not specify the impact other than to say that the bugs have a "wide" risk impact on security.
|
Solution:
HP has indicated that users of Oracle for OpenView (OfO) should apply the Oracle Critical Patch Update - January 2006, described at:
http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
The HP advisory is available at:
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00593668
|
Vendor URL: www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00593668 (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 24 Jan 2006 06:09:05 -0500
Subject: HPSBMA02094 SSRT061104 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update January 2006
|
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00593668
|
|
Go to the Top of This SecurityTracker Archive Page
|
