Oracle Linux Lets Remote Authenticated Users Partially Access and Modifiy Data
|
|
SecurityTracker Alert ID: 1026209 |
|
SecurityTracker URL: http://securitytracker.com/id/1026209
|
|
CVE Reference:
CVE-2011-2306
(Links to External Site)
|
Date: Oct 18 2011
|
Impact:
Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Oracle Linux 4, 5
|
Description:
A vulnerability was reported in Oracle Linux. A remote authenticated user can partially access and modify data on the target system.
No details were provided.
Oracle proprietary components of Oracle Linux are affected.
The following researchers reported these and other Oracle vulnerabilities:
Esteban Martinez Fayo of Application Security, Inc.; Guy Karlebach of Imperva, Inc.; Joonas Kuorilehto and Juho Juopperi; Martin Rakhmanov of Application Security, Inc.; Michael Schmidt of Compass Security; Moritz Jodeit; Ofer Maor formerly of Hacktics; Pavel Polischouk of TELUS Security Labs; Recx ApexSec; and Steven Seeley of Corelan Team.
|
Impact:
A remote authenticated user can partially access and modify data on the target system.
|
Solution:
Oracle has issued a fix, described in their October 2011 Critical Patch Update advisory.
The Oracle advisory is available at:
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
|
Vendor URL: www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 18 Oct 2011 23:06:05 +0000
Subject: Oracle Linux
|
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
CVE-2011-2306
|
|
