10-20-2005, 02:36 PM
Se reportaron 85 vulnerabilidades en productos Oracle, las cuales pueden ser explotadas en forma local o remota para provocar una denegación de servicio, para ejecutar comandos arbitrarios, para realizar ataques de "SQL injection" y de "cross-site scripting" o para evitar ciertas restricciones de seguridad. Cabe aclarar que algunas de estas vulnerabilidades tienen impacto desconocido.
Resumen
Errores no especificados en ciertos componentes de productos Oracle pueden ser explotadas en forma local o remota para causar una denegación de servicio, ejecutar comandos arbitrarios, realizar ataques de "SQL injection" y de "cross-site scripting" o evitar ciertas restricciones de seguridad.
Versiones Afectadas
Los productos afectados son los siguientes:
Oracle Database Server 10g Release 1 version 10.1.0.3
Oracle Database Server 10g Release 1 version 10.1.0.4
Oracle Database Server 10g Release 1 version 10.1.0.4.2
Oracle9i Database Server Release 1 version 9.0.1.4
Oracle9i Database Server Release 1 version 9.0.1.5
Oracle9i Database Server Release 1 version 9.0.1.5 FIPS
Oracle9i Database Server Release 2 version 9.2.0.5
Oracle9i Database Server Release 2 version 9.2.0.6
Oracle9i Database Server Release 2 version 9.2.0.7
Oracle8i Database Server Release 3 version 8.1.7.4
Oracle Enterprise Manager Application Server Control version 9.0.4.1
Oracle Enterprise Manager Application Server Control version 9.0.4.2
Oracle Enterprise Manager 10g Database Control version 10.1.0.3
Oracle Enterprise Manager 10g Database Control version 10.1.0.4
Oracle Enterprise Manager 10g Grid Control version 10.1.0.3
Oracle Enterprise Manager 10g Grid Control version 10.1.0.4
Oracle Application Server 10g Release 2 version 10.1.2.0.0
Oracle Application Server 10g Release 2 version 10.1.2.0.1
Oracle Application Server 10g Release 2 version 10.1.2.0.2
Oracle Application Server 10g Release 1 (9.0.4) version 9.0.4.1
Oracle Application Server 10g Release 1 (9.0.4) version 9.0.4.2
Oracle E-Business Suite Release 11i version 11.5.1 through 11.5.10
Oracle E-Business Suite Release 11i version 11.5.10 CU2
Oracle E-Business Suite Release 11.0
Oracle Clinical version 4.5.0
Oracle Clinical version 4.5.1
Oracle Developer Suite version 9.0.2.1
Oracle Developer Suite version 9.0.4.1
Oracle Developer Suite version 9.0.4.2
Oracle Developer Suite version 10.1.2.0
Oracle Workflow version 11.5.1 through 11.5.9.5
Oracle Collaboration Suite 10g Release 1 version 10.1.1
Oracle8 Database Server Release 8.0.6 version 8.0.6.3
Oracle9i Collaboration Suite Release 2 version 9.0.4.2
Oracle9i Application Server Release 2 version 9.0.2.3
Oracle9i Application Server Release 2 version 9.0.3.1
Oracle9i Application Server Release 1 version 1.0.2.2
PeopleSoft Enterprise Tools version 8.1 through 8.46.03
PeopleSoft CRM version 8.81 through 8.9
JD Edwards EnterpriseOne, OneWorld XE version 8.95_B1
JD Edwards EnterpriseOne, OneWorld XE version 8.94_Q1
JD Edwards EnterpriseOne, OneWorld XE version SP23_K1
Detalle
Errores no especificados en Oracle Database Server, Application Server, Collaboration Suite, E-Business Suite, Applications, Enterprise Manager, PeopleSoft Enterprise y JD Edwards EnterpriseOne pueden ser
explotados en forma local o remota para causar una denegación de servicio, ejecutar comandos arbitrarios, realizar ataques de "SQL injection" y de "cross-site scripting" o evitar ciertas restricciones de seguridad.
Impacto
El impacto de estas vulnerabilidades es ALTO
Recomendaciones
Se recomienda instalar los parches correspondientes:
http://www.oracle.com/technology/deploy/...t2005.html
....
Alerta original
Secunia
US-CERT
Security Focus
Saludos!!...
Resumen
Errores no especificados en ciertos componentes de productos Oracle pueden ser explotadas en forma local o remota para causar una denegación de servicio, ejecutar comandos arbitrarios, realizar ataques de "SQL injection" y de "cross-site scripting" o evitar ciertas restricciones de seguridad.
Versiones Afectadas
Los productos afectados son los siguientes:
Oracle Database Server 10g Release 1 version 10.1.0.3
Oracle Database Server 10g Release 1 version 10.1.0.4
Oracle Database Server 10g Release 1 version 10.1.0.4.2
Oracle9i Database Server Release 1 version 9.0.1.4
Oracle9i Database Server Release 1 version 9.0.1.5
Oracle9i Database Server Release 1 version 9.0.1.5 FIPS
Oracle9i Database Server Release 2 version 9.2.0.5
Oracle9i Database Server Release 2 version 9.2.0.6
Oracle9i Database Server Release 2 version 9.2.0.7
Oracle8i Database Server Release 3 version 8.1.7.4
Oracle Enterprise Manager Application Server Control version 9.0.4.1
Oracle Enterprise Manager Application Server Control version 9.0.4.2
Oracle Enterprise Manager 10g Database Control version 10.1.0.3
Oracle Enterprise Manager 10g Database Control version 10.1.0.4
Oracle Enterprise Manager 10g Grid Control version 10.1.0.3
Oracle Enterprise Manager 10g Grid Control version 10.1.0.4
Oracle Application Server 10g Release 2 version 10.1.2.0.0
Oracle Application Server 10g Release 2 version 10.1.2.0.1
Oracle Application Server 10g Release 2 version 10.1.2.0.2
Oracle Application Server 10g Release 1 (9.0.4) version 9.0.4.1
Oracle Application Server 10g Release 1 (9.0.4) version 9.0.4.2
Oracle E-Business Suite Release 11i version 11.5.1 through 11.5.10
Oracle E-Business Suite Release 11i version 11.5.10 CU2
Oracle E-Business Suite Release 11.0
Oracle Clinical version 4.5.0
Oracle Clinical version 4.5.1
Oracle Developer Suite version 9.0.2.1
Oracle Developer Suite version 9.0.4.1
Oracle Developer Suite version 9.0.4.2
Oracle Developer Suite version 10.1.2.0
Oracle Workflow version 11.5.1 through 11.5.9.5
Oracle Collaboration Suite 10g Release 1 version 10.1.1
Oracle8 Database Server Release 8.0.6 version 8.0.6.3
Oracle9i Collaboration Suite Release 2 version 9.0.4.2
Oracle9i Application Server Release 2 version 9.0.2.3
Oracle9i Application Server Release 2 version 9.0.3.1
Oracle9i Application Server Release 1 version 1.0.2.2
PeopleSoft Enterprise Tools version 8.1 through 8.46.03
PeopleSoft CRM version 8.81 through 8.9
JD Edwards EnterpriseOne, OneWorld XE version 8.95_B1
JD Edwards EnterpriseOne, OneWorld XE version 8.94_Q1
JD Edwards EnterpriseOne, OneWorld XE version SP23_K1
Detalle
Errores no especificados en Oracle Database Server, Application Server, Collaboration Suite, E-Business Suite, Applications, Enterprise Manager, PeopleSoft Enterprise y JD Edwards EnterpriseOne pueden ser
explotados en forma local o remota para causar una denegación de servicio, ejecutar comandos arbitrarios, realizar ataques de "SQL injection" y de "cross-site scripting" o evitar ciertas restricciones de seguridad.
Impacto
El impacto de estas vulnerabilidades es ALTO
Recomendaciones
Se recomienda instalar los parches correspondientes:
http://www.oracle.com/technology/deploy/...t2005.html
....
Alerta original
Secunia
US-CERT
Security Focus
Saludos!!...