Information Security


Multiple vulnerabilities in Oracle
updated since October 26, 2008
Published: November 14, 2008
Source:
SecurityVulns ID: 9382
Type: remote
Severity level: 8/10
Description: The regular quarterly patch set has been released, covering the full range of categories of fixed vulnerabilities.
Affected products: ORACLE : Oracle 9i
 ORACLE : Oracle 8i
 ORACLE : Oracle 10g
 ORACLE : Oracle 11g
CVE: CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct.)
 CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.)
 CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.)
 CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to WMSYS.LTADM.)
 CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.)
 CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.)
 CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.)
 CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode.)
Original text: SHATTER, Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE (14.11.2008)
 SHATTER, Team SHATTER Security Advisory: Oracle Database multiple SQL Injection vulnerabilities in Workspace Manager (14.11.2008)
 SHATTER, Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE (14.11.2008)
 SHATTER, Team SHATTER Security Advisory: Oracle Database Multiple SQL Injection vulnerabilities in LTADM (14.11.2008)
 pete_(at)_petefinnigan.com, Advisory for Oracle CPU October 2008 - APEX Flows excessive privileges (26.10.2008)
 Amichai Shulman, CVE-2008-4000: Oracle PeopleTools – Authentication Weakness (26.10.2008)
 Amichai Shulman, CVE-2008-2625: Oracle DBMS – Proxy Authentication Vulnerability (26.10.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod