TITLE:
Oracle OraClient Component Insecure Installation Issue

SECUNIA ADVISORY ID:
SA16577

VERIFY ADVISORY:
http://secunia.com/advisories/16577/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Oracle Database Server 10g
http://secunia.com/product/3387/

DESCRIPTION:
Harry Johnston has reported a security issue in Oracle Database
Server 10g, which potentially can be exploited by malicious people to
compromise a user's system.

The problem is that the binary and Java Runtime directories are
improperly added to the front of the system path when installing the
OraClient 10g component, which contains old vulnerable versions of
Info-ZIP's zip (version 2.1) and unzip (version 5.32), and Sun Java
JRE (version 1.4.2_03).

For more information:
SA8781
SA9784
SA10051
SA11570
SA12206
SA13094
SA13142
SA13271
SA14640
SA15671

The security issue has been reported in version 10.1.0.2.0. Other
versions may also be affected.

SOLUTION:
Don't use the included zip, unzip, and Java utilities.

If newer versions of these tools also are installed on systems, then
execute these with their absolute paths.

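
The SOLUTION above depends on knowing which copy of zip, unzip and java a bare command name resolves to. The check below is an added example, not part of the Secunia advisory or of Oracle's software; it walks a search path in order and reports, for each tool, the copy that runs and any later copies it shadows. The function names are hypothetical.

```python
import os

TOOLS = ("zip", "unzip", "java")  # utilities named in the advisory


def candidates(tool, path, pathext):
    """Return every search-path hit for `tool`, in order (the first one wins)."""
    hits = []
    for d in path.split(os.pathsep):
        d = d.strip('"')
        if not d:
            continue
        for ext in pathext:
            full = os.path.join(d, tool + ext)
            if os.path.isfile(full) and os.access(full, os.X_OK):
                hits.append(full)
                break  # one hit per directory is enough
    return hits


def audit_path(path=None, pathext=None, tools=TOOLS):
    """Map each tool found to (copy_that_runs, [shadowed_copies])."""
    if path is None:
        path = os.environ.get("PATH", "")
    if pathext is None:
        # Windows resolves bare names through PATHEXT; elsewhere no extension.
        if os.name == "nt":
            pathext = os.environ.get("PATHEXT", "").lower().split(os.pathsep)
        else:
            pathext = [""]
    report = {}
    for tool in tools:
        hits = candidates(tool, path, pathext)
        if hits:
            report[tool] = (hits[0], hits[1:])
    return report


if __name__ == "__main__":
    for tool, (winner, shadowed) in audit_path().items():
        print(f"{tool}: runs {winner}")
        for other in shadowed:
            print(f"    shadowed: {other}")
```

A tool whose first hit sits in a bundled directory while a newer copy appears under "shadowed" is the case where the absolute path of the newer copy should be used.
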
PROVIDED AND/OR DISCOVERED BY:
Harry Johnston

OTHER REFERENCES:
SA8781:
http://secunia.com/advisories/8781/

SA9784:
http://secunia.com/advisories/9784/

SA10051:
http://secunia.com/advisories/10051/

SA11570:
http://secunia.com/advisories/11570/

SA12206:
http://secunia.com/advisories/12206/

SA13094:
http://secunia.com/advisories/13094/

SA13142:
http://secunia.com/advisories/13142/

SA13271:
http://secunia.com/advisories/13271/

SA14640:
http://secunia.com/advisories/14640/

SA15671:
http://secunia.com/advisories/15671/