Multiple security vulnerabilities in Oracle9i Lite 5.
Name Multiple Vulnerabilities in Oracle Lite 5
Systems Affected Oracle9i Lite 5.0.0.0.0 up to 5.0.2.9.0
Severity High Risk
Category Different Categories
Vendor URL http://www.oracle.com
Author Alexander Kornbrust (ak@red-database-security.com)
Date 19th February 2004 (V 1.0)
Advisory RDS_20040219_1
Details
There are multiple vulnerabilities in Oracle9i Lite 5 Mobile Server. A valid account is not necessary to exploit one of the vulnerabilities. For all other vulnerabilities a valid login to Oracle9i Lite Mobile Server is necessary. An attacker can gain unauthorized access as DBA to the Oracle database server which contains the Oracle9i Lite schema.
Workarounds
There are no workarounds for these security vulnerabilities.
Patch Information
An advisory from Oracle is available on OTN:
http://otn.oracle.com/deploy/security/pdf/2004alert63.pdf
A patch for Oracle Lite 5.0.2 is available on Metalink:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=261992.1
History:
21 October 2003 Vendor was informed about two security vulnerabilities
22 October 2003 Seven additional vulnerabilities reported
23 October 2003 Two additional vulnerabilities reported
23 October 2003 Bugs confirmed
18 February 2004 Oracle published Alert #63 & Patch 3359687
About Red-Database-Security
Red-Database-Security is a specialist in Oracle Security.