---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Oracle Products Multiple Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA15991 VERIFY ADVISORY: http://secunia.com/advisories/15991/ CRITICAL: Moderately critical IMPACT: Unknown, Manipulation of data, Exposure of sensitive information WHERE: >From remote SOFTWARE: Oracle9i Database Standard Edition http://secunia.com/product/358/ Oracle9i Database Enterprise Edition http://secunia.com/product/359/ Oracle9i Application Server http://secunia.com/product/443/ Oracle Enterprise Manager 9.x http://secunia.com/product/2564/ Oracle Enterprise Manager 10.x http://secunia.com/product/2565/ Oracle E-Business Suite 11i http://secunia.com/product/442/ Oracle Database Server 10g http://secunia.com/product/3387/ Oracle Database 8.x http://secunia.com/product/360/ Oracle Collaboration Suite Release 2 http://secunia.com/product/2451/ Oracle Applications 11i http://secunia.com/product/1916/ Oracle Applications 11.x http://secunia.com/product/1458/ Oracle Application Server 10g http://secunia.com/product/3190/ DESCRIPTION: 47 vulnerabilities have been reported in various Oracle products. Some have an unknown impact, and others can be exploited to gain knowledge of sensitive information or to manipulate data. Details have been disclosed for the following vulnerabilities: 1) JDeveloper starts sqlplus using a plain text password as a parameter. 2) Database passwords are stored in plain text in the JDeveloper configuration files, "IDEConnections.xml", "XSQLConfig.xml", and "settings.xml" . 3) Temporary files created by Oracle Forms Builder in the local "temp" directory contain plain text username and password of the current database connection used by Forms Builder. These files are not deleted when Forms Builder exits. 4) Oracle Forms application creates a temporary file in the "/tmp" directory of the application server if the number of records retrieved from the database exceeds the parameter "buffered records". This temporary file is world-readable and contains an unencrypted copy of the retrieved database records. This potentially allows local users to gain knowledge of sensitive information. 5) Several unspecified SQL injection and parameter manipulation vulnerabilities in the Oracle E-Business Suite can be exploited to execute malicious SQL statements in the database with privileges of the application database account. The following supported products are affected by one or more of the vulnerabilities: * Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3, 10.1.0.4 * Oracle9i Database Server Release 2, versions 9.2.0.5, 9.2.0.6 * Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5, 9.0.1.5 FIPS * Oracle8i Database Server Release 3, version 8.1.7.4 * Oracle8 Database Release 8.0.6, version 8.0.6.3 * Oracle Enterprise Manager Grid Control 10g, versions 10.1.0.2, 10.1.0.3 * Oracle Enterprise Manager 10g Database Control, versions 10.1.0.2, 10.1.0.3, 10.1.0.4 * Oracle Enterprise Manager Application Server Control, versions 9.0.4.0, 9.0.4.1 * Oracle Application Server 10g (9.0.4), versions 9.0.4.0, 9.0.4.1 * Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1 * Oracle9i Application Server Release 1, version 1.0.2.2 * Oracle Collaboration Suite Release 2, versions 9.0.4.1, 9.0.4.2 * Oracle E-Business Suite and Applications Release 11i, versions 11.5.1 through 11.5.10 * Oracle E-Business Suite and Applications Release 11.0 * Oracle Workflow, versions 11.5.1 through 11.5.9.5 * Oracle Forms and Reports, versions 4.5.10.22, 6.0.8.25 * Oracle JInitiator, versions 1.1.8, 1.3.1 * Oracle Developer Suite, versions 9.0.2.3, 9.0.4, 9.0.4.1, 9.0.5, 10.1.2 * Oracle Express Server, version 6.3.4.0 SOLUTION: Apply patches. http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=311088.1 PROVIDED AND/OR DISCOVERED BY: 1-4) Alexander Kornbrust, Red Database Security. 5) Stephen Kost, Integrigy. The vendor also credits the following people: * Gerhard Eschelbeck, Qualys Inc. * Esteban Martínez Fayó and Aaron C. Newman, Application Security Inc. * David Litchfield, NGSSoftware. * Michael Murray, nCircle Network Security. * Mike Sues, Rigel Kent Security. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html Red Database Security: http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html http://www.red-database-security.com/advisory/oracle_formsbuilder_temp_file_issue.html http://www.red-database-security.com/advisory/oracle_forms_unsecure_temp_file_handling.html Integrigy: http://www.integrigy.com/alerts/OraCPU0705.htm ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------