Actu
Vigil@nce: Oracle Database, several vulnerabilities of January 2010
January 2010 by Vigil@nce
Several vulnerabilities of Oracle Database are corrected by the
CPU of January 2010.
– Severity: 2/4
– Consequences: privileged access/rights, data reading, data
creation/edition, denial of service of service
– Provenance: user account
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 9
– Creation date: 13/01/2010
IMPACTED PRODUCTS
– Oracle Database
– Oracle SQL*Net
DESCRIPTION OF THE VULNERABILITY
The CPU (Critical Patch Update) of January 2010 corrects several
vulnerabilities of Oracle Database. Oracle’s announce contains a
detailed table, summarized below.
An attacker can use a vulnerability of Listener, in order to
obtain information, to alter information, or to generate a denial
of service. [grav:2/4; BID-37728, CVE-2010-0071]
An attacker can use a vulnerability of Oracle OLAP, in order to
obtain information, to alter information, or to generate a denial
of service. [grav:2/4; BID-37729, CVE-2009-3415]
An attacker can use a vulnerability of Application Express
Application Builder, in order to obtain information, to alter
information, or to generate a denial of service. [grav:2/4;
CVE-2010-0076]
An attacker can use a vulnerability of Oracle Data Pump, in order
to obtain information or to alter information. [grav:2/4;
BID-37743, CVE-2009-3411]
An attacker can use a vulnerability of Oracle Spatial, in order to
obtain information or to alter information. [grav:2/4; BID-37730,
CVE-2009-3414]
An attacker can use a vulnerability of Logical Standby, in order
to alter information. [grav:2/4; BID-37740, CVE-2009-1996]
An attacker can use a vulnerability of RDBMS, in order to obtain
information ou to alter information. [grav:2/4; BID-37746,
CVE-2009-3410]
An attacker can use a vulnerability of Oracle Spatial, in order to
obtain information or to alter information. [grav:2/4; BID-37738,
CVE-2009-3413]
An attacker can use a vulnerability of Unzip, in order to obtain
information. [grav:1/4; BID-37731, CVE-2009-3412]
CHARACTERISTICS
– Identifiers: BID-37728, BID-37729, BID-37730, BID-37731,
BID-37738, BID-37740, BID-37743, BID-37746, cpujan2010,
CVE-2009-1996, CVE-2009-3410, CVE-2009-3411, CVE-2009-3412,
CVE-2009-3413, CVE-2009-3414, CVE-2009-3415, CVE-2010-0071,
CVE-2010-0076, VIGILANCE-VUL-9339
– Url: http://vigilance.fr/vulnerability/Oracle-Database-several-vulnerabilities-of-January-2010-9339
