Skip to main content

Oracle Products Code Execution and Security Bypass Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 22 Oct 2009 5935 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in various Oracle and BEA products, which could be exploited by remote or local attackers to cause a denial of service, read and manipulate certain data, disclose sensitive information, conduct SQL injection attacks, bypass security restrictions, or execute arbitrary commands.

These issues are caused by errors in the Advanced Queuing, Agile Engineering Data Management (EDM), Application Express, Auditing, Authentication, AutoVue, Business Intelligence Enterprise Edition, Core RDBMS, Data Mining, Data Pump, JD Edwards Tools, JRockit, Net Foundation Layer, Network Authentication, Oracle Advanced Benefits, Oracle Application Object Library, Oracle Applications Framework, Oracle Applications Technology Stack, Oracle Communications Order and Service Management, Oracle Spatial, Oracle Text, PeopleSoft Enterprise HCM (TAM), PeopleSoft PeopleTools & Enterprise Portal, PL/SQL, Portal, WebLogic Portal, WebLogic Server, and Workspace Manager components.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Oracle Database 11g version 11.1.0.7
  • Oracle Database 10g Release 2 version 10.2.0.3
  • Oracle Database 10g Release 2 version 10.2.0.4
  • Oracle Database 10g version 10.1.0.5
  • Oracle Database 9i Release 2 version 9.2.0.8
  • Oracle Database 9i Release 2 version 9.2.0.8DV
  • Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.4.0
  • Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.5.0
  • Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.3.0
  • Oracle Business Intelligence Enterprise Edition version 10.1.3.4.0
  • Oracle Business Intelligence Enterprise Edition version 10.1.3.4.1
  • Oracle E-Business Suite Release 12 version 12.0.6
  • Oracle E-Business Suite Release 12 version 12.1
  • Oracle E-Business Suite Release 11i version 11.5.10.2
  • AutoVue version 19.3
  • Agile Engineering Data Management (EDM) version 6.1
  • PeopleSoft PeopleTools & Enterprise Portal version 8.49
  • PeopleSoft Enterprise HCM (TAM) version 8.9
  • PeopleSoft Enterprise HCM (TAM) version 9.0
  • JDEdward Tools version 8.98
  • Oracle WebLogic Server versions 10.0 through 10.0 MP1
  • Oracle WebLogic Server versions 10.3
  • Oracle WebLogic Server version 9.0 GA
  • Oracle WebLogic Server version 9.1 GA
  • Oracle WebLogic Server versions 9.2 through 9.2 MP3
  • Oracle WebLogic Server versions 8.1 through 8.1 SP5
  • Oracle WebLogic Server versions 7.0 through 7.0 SP6
  • Oracle WebLogic Portal versions 8.1 through 8.1 SP6
  • Oracle WebLogic Portal versions 9.2 through 9.2 MP3
  • Oracle WebLogic Portal versions 10.0 through 10.0MP1
  • Oracle WebLogic Portal versions 10.2 through 10.2MP1
  • Oracle WebLogic Portal versions 10.3 through 10.3.1
  • Oracle JRockit version R27.6.4 and prior (JDK/JRE 6, 5, 1.4.2)
  • Oracle Communications Order and Service Management version 2.8.0
  • Oracle Communications Order and Service Management version 6.2.0
  • Oracle Communications Order and Service Management version 6.3.0
  • Oracle Communications Order and Service Management version 6.3.1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Apply Critical Patch Update (Advisory October 2009) :
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html


Vulnerability Identifier


Source


Related Link