SNS Vulnerability

Oracle Products Buffer Overflow and SQL Injection Vulnerabilities

Description

Multiple vulnerabilities were identified in various Oracle products, which may be exploited by remote or local attackers to cause a denial of service, execute arbitrary commands, conduct SQL injection attacks and cross site scripting attacks, or bypass certain security restrictions. These flaws are due to unspecified errors in Oracle Database Server, Application Server, Collaboration Suite, E-Business Suite, Applications, Enterprise Manager, PeopleSoft Enterprise, and JD Edwards EnterpriseOne. No further details have been disclosed.

Vulnerable Products

Vulnerable Software:
Oracle Database Server 10g Release 1 version 10.1.0.3Oracle Database Server 10g Release 1 version 10.1.0.4Oracle Database Server 10g Release 1 version 10.1.0.4.2Oracle9i Database Server Release 1 version 9.0.1.4Oracle9i Database Server Release 1 version 9.0.1.5Oracle9i Database Server Release 1 version 9.0.1.5 FIPSOracle9i Database Server Release 2 version 9.2.0.5Oracle9i Database Server Release 2 version 9.2.0.6Oracle9i Database Server Release 2 version 9.2.0.7Oracle8i Database Server Release 3 version 8.1.7.4Oracle Enterprise Manager Application Server Control version 9.0.4.1Oracle Enterprise Manager Application Server Control version 9.0.4.2Oracle Enterprise Manager 10g Database Control version 10.1.0.3Oracle Enterprise Manager 10g Database Control version 10.1.0.4Oracle Enterprise Manager 10g Grid Control version 10.1.0.3Oracle Enterprise Manager 10g Grid Control version 10.1.0.4Oracle Application Server 10g Release 2 version 10.1.2.0.0Oracle Application Server 10g Release 2 version 10.1.2.0.1Oracle Application Server 10g Release 2 version 10.1.2.0.2Oracle Application Server 10g Release 1 (9.0.4) version 9.0.4.1Oracle Application Server 10g Release 1 (9.0.4) version 9.0.4.2Oracle E-Business Suite Release 11i version 11.5.1 through 11.5.10Oracle E-Business Suite Release 11i version 11.5.10 CU2Oracle E-Business Suite Release 11.0Oracle Clinical version 4.5.0Oracle Clinical version 4.5.1Oracle Developer Suite version 9.0.2.1Oracle Developer Suite version 9.0.4.1Oracle Developer Suite version 9.0.4.2Oracle Developer Suite version 10.1.2.0Oracle Workflow version 11.5.1 through 11.5.9.5Oracle Collaboration Suite 10g Release 1 version 10.1.1Oracle8 Database Server Release 8.0.6 version 8.0.6.3Oracle9i Collaboration Suite Release 2 version 9.0.4.2Oracle9i Application Server Release 2 version 9.0.2.3Oracle9i Application Server Release 2 version 9.0.3.1Oracle9i Application Server Release 1 version 1.0.2.2PeopleSoft Enterprise Tools version 8.1 through 8.46.03PeopleSoft CRM version 8.81 through 8.9JD Edwards EnterpriseOne, OneWorld XE version 8.95_B1JD Edwards EnterpriseOne, OneWorld XE version 8.94_Q1JD Edwards EnterpriseOne, OneWorld XE version SP23_K1

Solution

Apply patches : http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html

CVE

References

http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
SQL injection Prevention - GET : suspicious OR statement in URL	3.2.0
SQL injection Prevention - POST : suspicious SELECT statement in data	3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL	3.2.0
SQL injection Prevention - POST : possible version probing in data	3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL	3.2.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	3.2.0
SQL injection Prevention - POST : suspicious CREATE statement in data	3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	3.2.0
SQL injection Prevention - POST : suspicious UNION statement in data	3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL	3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL	3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL	3.2.0
SQL injection Prevention - POST : suspicious DROP statement in data	3.2.0
SQL injection Prevention - GET : possible database version probing	3.2.0
SQL injection Prevention - POST : suspicious INSERT statement in data	3.2.0
SQL injection Prevention - POST : suspicious OR statement in data	3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL	3.2.0
SQL injection Prevention - POST : suspicious EXEC statement in data	3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL	3.2.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL	3.2.0
SQL injection Prevention - POST : suspicious HAVING statement in data	3.2.0

Risk level

Critical

Vulnerability First Public Report Date

2005-10-19

Target Type

Server

Possible exploit

Local & Remote