Red-Database-Security GmbH is specialized in Oracle Security

Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published AlertsRSS Published Alerts
Upcoming AlertsRSS Published Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Details Oracle Critical Patch Update April 2007 - V1.05

If you are interested to get the latest information of the Oracle CPU April 2007
you can now subscribe to our newsletter .

Additional information will be added soon.




With this CPU Oracle has fixed 36 security bugs in various Oracle products and components. The oldest bug which is fixed in this CPU is from 2003. It is necessary to apply this CPU on every Oracle Client installation to avoid the DB11.

The Oracle database patches are fixing 13 security bugs. The most critical security bug for Windows databases is DB01 which allows remote exploitation without usercredentials. The CVSS rating for this bug is 7.0. For Unix and Windows users one critical bug (DB05) is related to the database logon trigger mechanism. It's possible to bypass database logon trigger if the CPU April 2007 is not applied.

Keep in mind that there are no patches for Oracle XE for Windows. The remote exploitable bug (DB01) is and will be unfixed in XE (like many other critical issues). Oracle is not planning to release patches for XE.

Oracle fixes also 2 new security problems in the Oracle Enterprise Manager, 1 in Oracle Workflow Cartridge and 1 in the Ultrasearch.

Fixed security vulnerabilities in Oracle PL/SQL-Packages:

Package

Function/Procedure

Granted to

Vulnerability/ Change

N/A   DB01
N/A DB02
N/A DB03
SYS.DBMS_AQADM_SYS DB04
N/A DB05
SYS.DBMS_APPLY_USER_AGENT DB06
SYS.DBMS_UPGRADE_INTERNAL DB07
SYS.DBMS_CDC_IPUBLISH DB08
SYS.DBMS_CDC_PUBLISH DB09
SYS.DBMS_SNAP_INTERNAL DB10
N/A DB11
N/A DB12
N/A DB13




The following table contains a mapping of Oracle vuln to the CVE numbers.



Oracle Vuln

CVE#

Vulnerability-Type

DB01 CVE-2007-2108 Authentication Bypass via Windows Share
DB02 CVE-2007-2109 Race Condition
DB03 CVE-2007-2110 Null DACL on Oracle Process
DB04 CVE-2007-2111 SQL Injection
DB05 CVE-2007-2112 Bypass Logon Trigger
DB06 CVE-2007-2109 SQL Injection
DB07 CVE-2007-2113 SQL Injection
DB08   Buffer Overflow
DB09 CVE-2007-2115 SQL Injection
DB10 CVE-2007-2116 Buffer Overflow
DB11 CVE-2007-2114 Local Buffer Overflow
DB12 CVE-2007-2117 Local Buffer Overflow
DB13 CVE-2007-2118 Local Buffer Overflow

Oracle Application Server / APPS /Peoplesoft

Oracle Vuln

CVE#

Vulnerability-Type

OWF01 CVE-2007-2130  
SES01 CVE-2007-2119 XSS
EM01 CVE-2007-2129  
AS01 CVE-2007-2120 Denial of Service
AS02 CVE-2007-2121  
AS03 CVE-2007-2122  
AS04 CVE-2007-2123  
AS05 CVE-2007-2124  
OCS01 CVE-2007-2125  
APPS01 CVE-2007-2126  
APPS02 CVE-2007-2126  
APPS03    
APPS04 CVE-2007-2127  
APPS05 CVE-2007-2127  
APPS06 CVE-2007-2127  
APPS07 CVE-2007-2127  
APPS08 CVE-2007-2128  
APPS09 CVE-2007-2127  
APPS10 CVE-2007-2127  
PSE01 CVE-2007-2131  
PSE02 CVE-2007-2132  
PSEHCM01 CVE-2007-2133  
JDE01 CVE-2007-2134  



sReferences

History
  • 17-apr-2007 - 1.00 - Initial version
  • 17-apr-2007 - 1.01 - Additional information added
  • 18-apr-2007 - 1.02 - Warning for Oracle XE added
  • 18-apr-2007 - 1.03 - Information from Integrigy added
  • 18-apr-2007 - 1.04 - Information from David Litchfield added
  • 19-apr-2007 - 1.05 - CVE-Numbers and Tipping Point Advisories added

2007 by Red-Database-Security GmbH - last update 19-April-2007