---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Oracle Products Multiple Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA14935 VERIFY ADVISORY: http://secunia.com/advisories/14935/ CRITICAL: Moderately critical IMPACT: Unknown, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS WHERE: >From remote SOFTWARE: Oracle Application Server 10g http://secunia.com/product/3190/ Oracle Collaboration Suite Release 2 http://secunia.com/product/2451/ Oracle Database 8.x http://secunia.com/product/360/ Oracle Database Server 10g http://secunia.com/product/3387/ Oracle E-Business Suite 11i http://secunia.com/product/442/ Oracle Enterprise Manager 10.x http://secunia.com/product/2565/ Oracle Enterprise Manager 9.x http://secunia.com/product/2564/ Oracle9i Application Server http://secunia.com/product/443/ Oracle9i Database Enterprise Edition http://secunia.com/product/359/ Oracle9i Database Standard Edition http://secunia.com/product/358/ PeopleSoft EnterpriseOne Applications 8.x http://secunia.com/product/4915/ PeopleSoft OneWorldXe/ERP8 Applications http://secunia.com/product/4916/ DESCRIPTION: Multiple vulnerabilities have been reported in various Oracle products. Some have an unknown impact, and others can be exploited to gain knowledge of sensitive information, manipulate data, or cause a DoS (Denial of Service). The following supported products are affected by one or more vulnerabilities: * Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3, 10.1.0.3.1, 10.1.0.4. * Oracle9i Database Server Release 2, versions 9.2.0.5, 9.2.0.6 * Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5, 9.0.4 (9.0.1.5 FIPS) * Oracle8i Database Server Release 3, version 8.1.7.4 * Oracle Application Server 10g Release 2 (10.1.2) * Oracle Application Server 10g (9.0.4), versions 9.0.4.0, 9.0.4.1 * Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1 * Oracle9i Application Server Release 1, version 1.0.2.2 * Oracle Collaboration Suite Release 2, versions 9.0.4.1, 9.0.4.2 * Oracle E-Business Suite and Applications Release 11i, versions 11.5.0 through 11.5.10 * Oracle E-Business Suite and Applications Release 11.0 * Oracle Enterprise Manager Grid Control 10g, versions 10.1.0.2, 10.1.0.3 * Oracle Enterprise Manager versions 9.0.4.0, 9.0.4.1 * PeopleSoft EnterpriseOne Applications, versions 8.9 SP2 and 8.93 * PeopleSoft OneWorldXe/ERP8 Applications, versions SP22 and higher NOTE: Consult the original vendor advisory for a vulnerability matrix detailing affected components, requirements, and impact. SOLUTION: Apply patches (see vendor advisory). PROVIDED AND/OR DISCOVERED BY: The vendor credits the following people: * Esteban MartÌnez Fayó, Application Security Inc. * Stephen Kost, Integrigy. * David Litchfield, NGSSoftware. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------