Search
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Subscribe











Security Vulnerability

Vigil@nce: Oracle Database, several vulnerabilities of July 2009

July 2009 by Vigil@nce

Several vulnerabilities are corrected by the CPU of July 2009.

Severity: 2/4

Consequences: privileged access/rights, data reading, data creation/edition, denial of service of service

Provenance: user account

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 12

Creation date: 15/07/2009

IMPACTED PRODUCTS

- Oracle Database
- Oracle Net Services
- Oracle SQL*Net

DESCRIPTION OF THE VULNERABILITY

The CPU (Critical Patch Update) of July 2009 corrects several vulnerabilities of Oracle Database. Oracle’s announce contains a detailed table, summarized below.

An attacker can obtain or alter information or create a denial of service via a vulnerability of Network Foundation. [grav:2/4; BID-35684, CVE-2009-1020]

An attacker can obtain or alter information or create a denial of service via a vulnerability of Network Authentication. [grav:2/4; BID-35680, CVE-2009-1019]

An attacker can alter information or create a denial of service via a vulnerability of Network Foundation. [grav:1/4; BID-35677, CVE-2009-1963]

An attacker can obtain or alter information via a vulnerability of Advanced Replication. [grav:2/4; BID-35685, CVE-2009-1021]

An attacker can obtain or alter information via a vulnerability of Config Management. [grav:2/4; BID-35676, CVE-2009-1966]

An attacker can obtain or alter information via a vulnerability of Config Management. [grav:2/4; BID-35692, CVE-2009-1967]

An attacker can obtain or alter information via a vulnerability of Upgrade. [grav:2/4; BID-35679, CVE-2009-0987]

An attacker can obtain or alter information via a vulnerability of Virtual Private Database. [grav:2/4; BID-35687, CVE-2009-1973]

An attacker can create a denial of service via a vulnerability of Listener. [grav:2/4; BID-35683, CVE-2009-1970]

An attacker can generate a Cross Site Scripting in the /search/query/search page of Secure Enterprise Search. [grav:2/4; BID-35681, CVE-2009-1968, DSECRG-09-025]

An attacker can alter information via a vulnerability of Core RDBMS. [grav:2/4; BID-35682, CVE-2009-1015]

An attacker can obtain information via a vulnerability of Auditing. [grav:1/4; BID-35689, CVE-2009-1969]

CHARACTERISTICS

Identifiers: BID-35676, BID-35677, BID-35679, BID-35680, BID-35681, BID-35682, BID-35683, BID-35684, BID-35685, BID-35687, BID-35689, BID-35692, cpujul2009, CVE-2009-0987, CVE-2009-1015, CVE-2009-1019, CVE-2009-1020, CVE-2009-1021, CVE-2009-1963, CVE-2009-1966, CVE-2009-1967, CVE-2009-1968, CVE-2009-1969, CVE-2009-1970, CVE-2009-1973, DSECRG-09-025, VIGILANCE-VUL-8865

http://vigilance.fr/vulnerability/Oracle-Database-several-vulnerabilities-of-July-2009-8865


See previous articles

    

See next articles

Toutes nos news en Francais











Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts

 
News Files Security Vulnerability Malware Update Diary Guide & Podcast Jobs TRAINING Contact About Mentions légales S'identifier ADMIN

Global Security Mag Copyright 2011