Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
Oracle Database Bugs Let Remote Authenticated Users Gain Full Control and Let Remote Users Partial Access and Modify Data and Deny Service
|
|
SecurityTracker Alert ID: 1026929 |
|
SecurityTracker URL: http://securitytracker.com/id/1026929
|
|
CVE Reference:
CVE-2012-0510, CVE-2012-0511, CVE-2012-0512, CVE-2012-0519, CVE-2012-0520, CVE-2012-0525, CVE-2012-0526, CVE-2012-0527, CVE-2012-0528, CVE-2012-0534, CVE-2012-0552, CVE-2012-1708
(Links to External Site)
|
Date: Apr 17 2012
|
Impact:
Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3; and prior versions
|
Description:
Multiple vulnerabilities were reported in Oracle Database. A remote authenticated user can gain full control the target system. A remote user can partially access and modify data on the target system. A remote user can cause partial denial of service conditions.
The core RDBMS [CVE-2012-0510, CVE-2012-0519, CVE-2012-0534], OCI [CVE-2012-0511], Enterprise Manager Base Platform [CVE-2012-0512, CVE-2012-0520, CVE-2012-0525, CVE-2012-0526, CVE-2012-0527, CVE-2012-0528], Oracle Spatial [CVE-2012-0552], and Application Express [CVE-2012-1708] components are affected.
The following researchers reported these and other Oracle vulnerabilities:
Alexander Kornbrust of Red Database Security; Andrea Micalizzi aka rgod, working with TippingPoint's Zero Day Initiative; Brian Gorenc TippingPoint DVLabs; Dave Love; David Litchfield of V3rity; Edward Torkington; Esteban Martinez Fayo of Application Security, Inc.; Frank Stuart; G & W Laboratories of TippingPoint's Zero Day Initiative; Nathan Catlow of Recx; Peter Maklary of LYNX Ltd.; Pierre Ernst of IBM Canada; Roberto Suggi Liverani of Security-Assessment.com; Shrikant Antre and Sunil Yadav of Network Intelligence; Sow Ching Shiong, reported through Secunia; Vishal K; and William Hay.
|
Impact:
A remote authenticated user can gain full control of the target system.
A remote user can partially access and modify data on the target system.
A remote user can cause partial denial of service conditions.
|
Solution:
The vendor has issued a fix, described in their April 2012 Critical Patch Update advisory.
The vendor's advisory is available at:
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
|
Vendor URL: www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
Go to the Top of This SecurityTracker Archive Page
|
