Vigil@nce: Oracle Database, several vulnerabilities of January 2009
January 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities are corrected by the CPU of January 2009.
Gravity: 2/4
Consequences: privileged access/rights, data reading, data
creation/edition
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 11
Creation date: 14/01/2009
Revision date: 15/01/2009
IMPACTED PRODUCTS
– Oracle Database
– Oracle Net Services
– Oracle SQL*Net
DESCRIPTION OF THE VULNERABILITY
The CPU (Critical Patch Update) of January 2009 corrects several
vulnerabilities of Oracle Database. Oracle’s announce contains a
detailed table, summarized below.
An attacker (via Oracle Net, authenticated, with the EXECUTE
privilege on DBMS_IJOB) can obtain or alter information via a
vulnerability of Job Queue. [grav:2/4; CVE-2008-5437]
An attacker (via Oracle Net, authenticated, with the Create
Session privilege) can alter information or create a denial of
service via a vulnerability of Oracle OLAP. [grav:2/4;
CVE-2008-5436]
An attacker (via Oracle Net, authenticated, with the Create
Session privilege) can obtain or alter information via a
vulnerability of Oracle Spatial. [grav:2/4; CVE-2008-3978]
An attacker (via Oracle Net, authenticated, with the Create
Session privilege) can obtain privileges of the MDSYS user via
MDSYS.SDO_TOPO_DROP_FTBL of Oracle Spatial. [grav:2/4;
CVE-2008-3979, NISR13012009]
An attacker (via Oracle Net, authenticated, with the Execute on
SYS.DBMS_STREAMS_AUTH privilege) can obtain or alter information
via a vulnerability of Oracle Streams. [grav:2/4; CVE-2008-4015]
An attacker (via Oracle Net, authenticated, with the EXECUTE
privilege on SYS.OLAPIMPL_T) can create a denial of service via a
vulnerability of Oracle OLAP. [grav:2/4; CVE-2008-3974]
An attacker (via Oracle Net, authenticated, with the EXECUTE
privilege on SYS.DBMS_XSOQ_ODBO) can aller a file via a
vulnerability of Summary Advisor (Oracle OLAP). [grav:2/4;
CVE-2008-3997]
An attacker (via Oracle Net, authenticated, with the EXECUTE
privilege on SYS.OLAPIMPL_T) can create a denial of service via a
vulnerability of Oracle OLAP. [grav:2/4; CVE-2008-3999]
An attacker (local, authenticated) can obtain information via a
vulnerability of SQL*Plus Windows GUI. [grav:2/4; CVE-2008-5439]
An attacker (local, authenticated) can obtain information via a
vulnerability of SQL*Plus Windows GUI. [grav:1/4; CVE-2008-3973]
Other vulnerabilities impact Oracle Secure Backup and Oracle
TimesTen. [grav:1/4; ZDI-09-003, ZDI-09-004]
CHARACTERISTICS
Identifiers: cpujan2009, CVE-2008-3973, CVE-2008-3974,
CVE-2008-3978, CVE-2008-3979, CVE-2008-3997, CVE-2008-3999,
CVE-2008-4015, CVE-2008-5436, CVE-2008-5437, CVE-2008-5439,
NISR13012009, VIGILANCE-VUL-8386, ZDI-09-003, ZDI-09-004
http://vigilance.fr/vulnerability/Oracle-Database-several-vulnerabilities-of-January-2009-8386