[VIM] Oracle Critical Patch - Cliff Notes
security curmudgeon
jericho at attrition.org
Tue Jul 19 02:02:45 EDT 2005
Not sure if this will help you Steve, but cliff notes =) The Oracle ID on
the left, OSVDB title on the right. We break them out as best as possible
and use the very little info they provide to distinguish them, thus the
somewhat odd wording.
DB01 Oracle Express Server Unauthenticated Trivial Remote DoS
DB02 Oracle OLAP olapsys SQL DoS
DB03 Oracle Component Registry dbms_registry Issue
DB04 Oracle utl_file Unspecified Issue
DB05 Oracle Database Link Creation Unspecified Issue
DB06 Oracle XML Database HTTP Limited Information Disclosure
DB07 Oracle XML Database FTP Unspecified Issue
DB08 Oracle iSQL*Plus HTTP Unspecified Trivial DoS
DB09 Oracle iSQL*Plus Unspecified Trivial Database Content Disclosure
DB10 Oracle Single Sign-On HTTP Unspecified Information Disclosure
DB11 Oracle HTTP Server (mod_ssl) HTTPS Multiple Unspecified Issue
AS07
DB12
AS08
AS01 Oracle Containers for J2EE Unspecified Remote Information Disclosure
AS02 Oracle Application Server Forms Local Unspecified Integrity Issue
AS03 Oracle Application Server Forms Multiple Unspecified Local Information Disclosure
AS04
AS05 Oracle Application Server Forms HTTP Unspecified Remote DoS
AS06 Oracle Application Server Forms HTTP Unspecified Issue
AS09 Oracle Application Server JDeveloper Unspecified Local Limited Impact Issue
AS10 Oracle Application Server JDeveloper Unspecified Local Wide Impact Issue
AS11 Oracle Reports Developer HTTP Unspecified Issue
AS12 Oracle Application Server JInitiator HTTP Unspecified Issue
OCS01 Oracle Email Server SMTP Unspecified Limited Impact DoS
OCS02 Oracle Email Server SMTP Unspecified Wide Impact DoS
OCS03 Oracle Email Server IMAP Unspecified Issue
OCS04 Oracle Email Server HTTP Authenticated User Unspecified DoS
OCS05 Oracle Web Conferencing HTTP Unspecified Information Disclosure
OCS06
APPS01 Oracle E-Business Suite HTTP Unspecified Issue
APPS03
APPS02 Oracle E-Business Suite HTTP Unspecified Information Disclosure
APPS04 Oracle E-Business Suite SQL x Unspecified Issue
portal.wpg_session or owf_mgr.wf_event_html
APPS05 Oracle E-Business Suite HTTP Authenticated Trivial Information Disclosure
APPS11 Oracle E-Business Suite HTTP Unauthenticated Trivial Information Disclosure
APPS12
APPS13
APPS14
APPS17
APPS06 Oracle E-Business Suite HTTP Authenticated Multiple Unspecified Issue
APPS07
APPS08
APPS09
APPS10
APPS16
APPS15 Oracle E-Business Suite HTTP Unauthenticated Multiple Unspecified Issue
EM01 Oracle Enterprise Manager Instance Management Unspecified Issue
EM02 Oracle Enterprise Manager CORE:SDK Unspecified Remote DoS
Also these to match up next:
http://archives.neohapsis.com/archives/bugtraq/2005-07/0182.html
http://www.integrigy.com/analysis.htm
details not public
http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html
http://archives.neohapsis.com/archives/bugtraq/2005-07/0212.html
http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html
http://archives.neohapsis.com/archives/bugtraq/2005-07/0213.html
http://www.red-database-security.com/advisory/oracle_formsbuilder_temp_file_issue.html
http://archives.neohapsis.com/archives/bugtraq/2005-07/0217.html
http://www.red-database-security.com/advisory/oracle_forms_unsecure_temp_file_handling.html
http://archives.neohapsis.com/archives/bugtraq/2005-07/0216.html
http://archives.neohapsis.com/archives/bugtraq/2005-07/0240.html
http://archives.neohapsis.com/archives/bugtraq/2005-07/0248.html
2576249 - /DAV_PUBLIC IS NOT PROTECTED BY DEFAULT ENABLING MALITIOUS USER
TO FILL IT UP
2544464 - ORAALTPASSWORD SHOULD BE ENCRYPTED AND NOT JUST OBFUSCATED