SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   Oracle Secure Enterprise Search Vendors:   Oracle
Oracle Secure Enterprise Search Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022565
SecurityTracker URL:  http://securitytracker.com/id/1022565
CVE Reference:   CVE-2009-1977, CVE-2009-1978   (Links to External Site)
Date:  Jul 15 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 10.1.8.3
Description:   Two vulnerabilities reported in Oracle Secure Enterprise Search. A remote user can execute arbitrary code on the target system.

One of the vulnerabilities requires authentication to exploit.

On Linux and UNIX based systems, the remote user can only partially affect confidentiality, availability, and integrity.

No other details were provided.

The Oracle Secure Backup component is affected.

The following researchers reported these and other Oracle vulnerabilities:

Anonymous of TippingPoint (3com); Esteban Martinez Fayo of Application Security, Inc.; Kowsik Guruswamy of Mu Security; Joxean Koret; Alexander Kornbrust of Red Database Security; David Litchfield of NGS Software; Oleg P. of HSC Security Portal; Alexandr Polyakov of Digital Security; noderat ratty; and Dennis Yurichev.
Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix (10.1.8.3), described in their July 2009 Critical Patch Update advisory.

The Oracle advisory is available at:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
Vendor URL:  www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html (Links to External Site)
Cause:   Not specified
Underlying OS:   Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.

 Source Message Contents
Date:  Wed, 15 Jul 2009 00:14:10 -0400
Subject:  Oracle Secure Enterprise Search


http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html

Oracle Secure Backup

CVE-2009-1977
CVE-2009-1978


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC