-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Cisco IOS Multiple Vulnerabilities
http://www.cert-in.org.in/advisory/ciad-2009-49.htm
Original Issue Date: October 26, 2009
Severity Rating: High
System Affected
Oracle Database 11g version 11.1.0.7
Oracle Database 10g Release 2 version 10.2.0.3
Oracle Database 10g Release 2 version 10.2.0.4
Oracle Database 10g version 10.1.0.5
Oracle Database 9i Release 2 version 9.2.0.8
Oracle Database 9i Release 2 version 9.2.0.8DV
Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.4.0
Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.5.0
Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.3.0
Oracle Business Intelligence Enterprise Edition version 10.1.3.4.0
Oracle Business Intelligence Enterprise Edition version 10.1.3.4.1
Oracle E-Business Suite Release 12 version 12.0.6
Oracle E-Business Suite Release 12 version 12.1
Oracle E-Business Suite Release 11i version 11.5.10.2
AutoVue version 19.3
Agile Engineering Data Management (EDM) version 6.1
PeopleSoft PeopleTools & Enterprise Portal version 8.49
PeopleSoft Enterprise HCM (TAM) version 8.9
PeopleSoft Enterprise HCM (TAM) version 9.0
JD Edwards Tools version 8.98
Oracle WebLogic Server versions 10.0 through 10.0 MP1
Oracle WebLogic Server version 10.3
Oracle WebLogic Server version 9.0 GA
Oracle WebLogic Server version 9.1 GA
Oracle WebLogic Server versions 9.2 through 9.2 MP3
Oracle WebLogic Server versions 8.1 through 8.1 SP5
Oracle WebLogic Server versions 7.0 through 7.0 SP6
Oracle WebLogic Portal versions 8.1 through 8.1 SP6
Oracle WebLogic Portal versions 9.2 through 9.2 MP3
Oracle WebLogic Portal versions 10.0 through 10.0MP1
Oracle WebLogic Portal versions 10.2 through 10.2MP1
Oracle WebLogic Portal versions 10.3 through 10.3.1
Oracle JRockit version R27.6.4 and prior (JDK/JRE 6, 5, 1.4.2)
Oracle Communications Order and Service Management version 2.8.0
Oracle Communications Order and Service Management version 6.2.0
Oracle Communications Order and Service Management version 6.3.0
Oracle Communications Order and Service Management version 6.3.1
Overview
Multiple vulnerabilities have been reported in Oracle and BEA products,
which could be exploited by remote or local attackers to cause a denial of
service, read and manipulate certain data, disclose sensitive information,
conduct SQL injection attacks, bypass security restrictions, or execute
arbitrary commands.
Description
Multiple vulnerabilities have been reported in Oracle products, the
severity of which varies depending on the product, component, and
configuration of the system. Specific details of each of these
vulnerabilities are not currently available. Authentication is not required
for exploiting some of these vulnerabilities. Successful exploitation may
affect the availability of the target system and the confidentiality and
integrity of data on the target system. The list of vulnerabilities is
available at the following URL:
http://www.cert-in.org.in/advisory/ciad-2009-49.htm
Solution
Apply the patches as mentioned in the Oracle advisory:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
Vendor Information
Oracle
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
References
SecurityLab
http://en.securitylab.ru/nvd/
Infosecurity.US
http://infosecurity.us/?p=11431
Secunia
http://secunia.com/advisories/37027/
http://secunia.com/advisories/37103/
F-Secure
http://www.f-secure.com/vulnerabilities/en/SA200905709
XFocus
http://www.f-secure.com/vulnerabilities/SA200901648
US-Cert
http://www.us-cert.gov/cas/bulletins/SB08-294.html
Security Space
http://www.securityspace.com/smysecure/search.html?searchstr=confidentiality
SecurityTracker
http://www.securitytracker.com/archives/summary/9000.html
CVE Name
CVE-2009-1007
CVE-2009-1018
CVE-2009-1964
CVE-2009-1965
CVE-2009-1971
CVE-2009-1972
CVE-2009-1979
CVE-2009-1985
CVE-2009-1990
CVE-2009-1991
CVE-2009-1992
CVE-2009-1993
CVE-2009-1994
CVE-2009-1995
CVE-2009-1997
CVE-2009-1998
CVE-2009-1999
CVE-2009-2000
CVE-2009-2001
CVE-2009-2002
CVE-2009-3392
CVE-2009-3393
CVE-2009-3395
CVE-2009-3396
CVE-2009-3397
CVE-2009-3399
CVE-2009-3400
CVE-2009-3401
CVE-2009-3402
CVE-2009-3403
CVE-2009-3404
CVE-2009-3405
CVE-2009-3406
CVE-2009-3407
CVE-2009-3408
CVE-2009-3409
Disclaimer
The information provided herein is on an "as is" basis, without warranty of
any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
Note: Please do not reply to this e-mail. For further queries contact
CERT-In Information Desk. Email: info@cert-in.org.in