
Vigil@nce: Oracle Database, several vulnerabilities of April 2009

April 2009 by Vigil@nce

Several vulnerabilities are corrected by the CPU of April 2009.

 Severity: 2/4
 Consequences: user access/rights, data reading, data
creation/edition, denial of service
 Provenance: user account
 Means of attack: 1 attack
 Ability of attacker: technician (2/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Number of vulnerabilities in this bulletin: 16
 Creation date: 15/04/2009
 Revision date: 21/04/2009

IMPACTED PRODUCTS

 Oracle Database
 Oracle Net Services
 Oracle SQL*Net

DESCRIPTION OF THE VULNERABILITY

The CPU (Critical Patch Update) of April 2009 corrects several
vulnerabilities of Oracle Database. Oracle’s announcement contains a
detailed table, summarized below.

An attacker can obtain or alter information or create a denial of
service via a vulnerability of Resource Manager. [grav:2/4;
CVE-2009-0979]

An attacker can obtain or alter information or create a denial of
service via a vulnerability of Core RDBMS. [grav:2/4;
CVE-2009-0985]

An attacker can obtain or alter information or create a denial of
service via a vulnerability of Workspace Manager. [grav:2/4;
CVE-2009-0972]

An attacker can inject SQL in the GRANT_TYPE_ACCESS procedure of
the DBMS_AQADM_SYS package of Advanced Queuing. [grav:2/4;
CVE-2009-0977]

An attacker can inject SQL in the DEQ_EXEJOB procedure of the
DBMS_AQIN package of Advanced Queuing. [grav:2/4; CVE-2009-0992]

An attacker can obtain or alter information via a vulnerability of
Database Vault. [grav:2/4; CVE-2009-0984]

An attacker can alter information or create a denial of service
via a vulnerability of SQLX Functions. [grav:2/4; CVE-2009-0980]

An attacker can obtain or alter information via a vulnerability of
Workspace Manager. [grav:2/4; CVE-2009-0975]

An attacker can obtain or alter information via a vulnerability of
Workspace Manager. [grav:2/4; CVE-2009-0976]

An attacker can obtain or alter information via a vulnerability of
Workspace Manager. [grav:2/4; CVE-2009-0978]

An attacker can obtain or alter information or create a denial of
service via a vulnerability of Workspace Manager. [grav:2/4;
CVE-2009-0986]

An attacker can create a denial of service via a vulnerability of
Cluster Ready Services. [grav:2/4; CVE-2009-0973]

An attacker can create a denial of service via a vulnerability of
Listener. [grav:2/4; CVE-2009-0991]

An attacker can obtain APEX password hashes. [grav:2/4;
CVE-2009-0981]

An attacker can obtain or alter information via a vulnerability of
Database Vault. [grav:2/4; CVE-2009-0997]

An attacker can obtain or alter information via a vulnerability of
Password Policy. [grav:2/4; CVE-2009-0988]

CHARACTERISTICS

 Identifiers: CPUapr2009, CVE-2009-0972, CVE-2009-0973,
CVE-2009-0975, CVE-2009-0976, CVE-2009-0977, CVE-2009-0978,
CVE-2009-0979, CVE-2009-0980, CVE-2009-0981, CVE-2009-0984,
CVE-2009-0985, CVE-2009-0986, CVE-2009-0988, CVE-2009-0991,
CVE-2009-0992, CVE-2009-0997, VIGILANCE-VUL-8635
 Url: http://vigilance.fr/vulnerability/Oracle-Database-several-vulnerabilities-of-April-2009-8635

