Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
Oracle Enterprise Manager Grid Control Bugs Let Remote Users Partially Access and Modify Data and Partially Deny Service
|
|
SecurityTracker Alert ID: 1025800 |
|
SecurityTracker URL: http://securitytracker.com/id/1025800
|
|
CVE Reference:
CVE-2011-0811, CVE-2011-0816, CVE-2011-0822, CVE-2011-0830, CVE-2011-0831, CVE-2011-0845, CVE-2011-0848, CVE-2011-0852, CVE-2011-0870, CVE-2011-0875, CVE-2011-0876, CVE-2011-0877, CVE-2011-0879, CVE-2011-0881, CVE-2011-0882, CVE-2011-2244, CVE-2011-2248, CVE-2011-2257
(Links to External Site)
|
Date: Jul 19 2011
|
Impact:
Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 10.1.0.6, 10.2.0.5, 11.1.0.1
|
Description:
Multiple vulnerabilities were reported in Oracle Enterprise Manager Grid Control. A remote or remote authenticated user can partially access and modify data and cause partial denial of service conditions. A local user can access data on the target system.
The Enterprise Config Management [CVE-2011-0811, CVE-2011-0831], CMDB Metadata & Instance APIs [CVE-2011-0816], Streams, AQ & Replication Mgmt [CVE-2011-0822], Event Management [CVE-2011-0830], Database Control [CVE-2011-0845], Security Framework [CVE-2011-0848, CVE-2011-2244], Security Management [CVE-2011-0852], Schema Management [CVE-2011-0870], EMCTL [CVE-2011-0875, CVE-2011-0881], Enterprise Manager Console [CVE-2011-0876], Instance Management [CVE-2011-0877, CVE-2011-0879], Content Management [CVE-2011-0882], SQL Performance Advisories/UIs [CVE-2011-2248], and Database Target Type Menus [CVE-2011-2257] components are affected.
The following researchers reported these and other Oracle vulnerabilities:
Abdul-Aziz Hariri, reported through Secunia; Alexander Kornbrust of Red Database Security; Alexandr Polyakov of Digital Security; Brett Gervasoni of Sense of Security; CERT/CC; Dennis Yurichev; Esteban Martinez Fayo of Application Security, Inc.; Guy Pilosof of McAfee Security Research; Laszlo Toth; Michael Myngerbayev of McAfee Security Research; Monarch2020 of unsecurityresearch; Ofer Maor of Hacktics; Okan Basegmez of DORASEC Consulting; Paul M. Wright formerly of NGS Software; Scott Laurie of MWR InfoSecurity; Sow Ching Shiong, reported through Secunia; Steven Seeley of Corelan Team; Sumit Siddharth from 7safe; Tenable Network Security of TippingPoint's Zero Day Initiative; and Will Dormann of CERT/CC.
|
Impact:
A remote or remote authenticated user can partially access and modify data and cause partial denial of service conditions.
A local user can access data on the target system.
|
Solution:
The vendor has issued a fix, described in their July 2011 Critical Patch Update advisory.
The vendor's advisory is available at:
http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
|
Vendor URL: www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 19 Jul 2011 22:09:27 +0000
Subject: Oracle Enterprise Manager Grid Control
|
CVE-2011-0811
CVE-2011-0816
CVE-2011-0822
CVE-2011-0830
CVE-2011-0831
CVE-2011-0845
CVE-2011-0848
CVE-2011-0852
CVE-2011-0870
CVE-2011-0875
CVE-2011-0876
CVE-2011-0877
CVE-2011-0879
CVE-2011-0881
CVE-2011-0882
CVE-2011-2244
CVE-2011-2248
CVE-2011-2257
|
|
Go to the Top of This SecurityTracker Archive Page
|
