Red-Database-Security GmbH is specialized in Oracle Security

Details Oracle Critical Patch Update January 2007 - V1.02

If you are interested in getting the latest information on the Oracle CPU January 2007, you can now subscribe to our newsletter.

Additional information will be added soon.




With this CPU, Oracle has fixed 51 security bugs in various products and components. The oldest bug fixed in this CPU dates from 2001 (CVE-2001-0729) and was fixed after 1918 (!!!) days.

The Oracle database patches fix 17 security bugs. One database bug, in XMLDB, is remotely exploitable. These vulnerabilities are remotely exploitable only if OHS and/or XMLDB is installed and running.

Fixed security vulnerabilities in Oracle PL/SQL-Packages:

| Package | Function/Procedure | Granted to | Vulnerability/Change |
|---|---|---|---|
| DBMS_AQ_INV | | | DB01 |
| DBMS_CDC_SUBSCRIBE | | | DB02 |
| DBMS_DRS | | | DB03 |
| DBMS_LOGMNR | | | DB04 |
| MDSYS.MD | | | DB05 |
| | | | DB06 |
| DBMS_REPCAT_UNTRUSTED | | | DB07 |
| DBMS_LOGREP_UTIL | | | DB08 |
| DBMS_CAPTURE_ADM_INTERNAL | | | DB09 |
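
The following queries are an added example, not part of the original advisory: they check a database for the two exposure conditions named above (XMLDB installed and reachable, and who may execute the listed packages, which the "Granted to" column leaves blank). They assume a session that can read the DBA_* dictionary views and V$PARAMETER.

```sql
-- Added example: exposure check for the conditions this advisory names.
-- Assumption: the session has SELECT access to DBA_REGISTRY,
-- DBA_TAB_PRIVS and V$PARAMETER (for example a DBA account).

-- 1. Is XML DB (component id XDB) installed, and in what state?
--    No row returned means the component is not installed.
SELECT comp_id, comp_name, version, status
  FROM dba_registry
 WHERE comp_id = 'XDB';

-- 2. Is XML DB registered with the listener? A dispatcher entry of the
--    form (PROTOCOL=TCP) (SERVICE=<sid>XDB) hands network connections
--    to XML DB; the HTTP and FTP ports themselves are set in the
--    XML DB configuration.
SELECT name, value
  FROM v$parameter
 WHERE name = 'dispatchers';

-- 3. Who can execute the packages listed in the table above?
--    Grants to PUBLIC or to broad application roles widen the set of
--    accounts that can reach the vulnerable code before patching.
SELECT owner,
       table_name AS package_name,
       grantee,
       privilege
  FROM dba_tab_privs
 WHERE privilege = 'EXECUTE'
   AND (   table_name IN ('DBMS_AQ_INV',
                          'DBMS_CDC_SUBSCRIBE',
                          'DBMS_DRS',
                          'DBMS_LOGMNR',
                          'DBMS_REPCAT_UNTRUSTED',
                          'DBMS_LOGREP_UTIL',
                          'DBMS_CAPTURE_ADM_INTERNAL')
        OR (owner = 'MDSYS' AND table_name = 'MD'))
 ORDER BY owner, table_name, grantee;
```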




The following table maps the Oracle vulnerability numbers to CVE numbers.

| Oracle Vuln | CVE# | Vulnerability-Type |
|---|---|---|
| DB01 | CVE-2007-0268 | SQL Injection |
| DB02 | CVE-2007-0269 | |
| DB03 | CVE-2007-0270 | Buffer Overflow |
| DB04 | CVE-2007-0271 | Buffer Overflow |
| DB05 | CVE-2007-0272 | Buffer Overflow |
| DB06 | CVE-2007-0273 | CSS |
| DB07 | CVE-2007-0268 | Buffer Overflow |
| DB08 | CVE-2007-0274 | Buffer Overflow |
| DB09 | CVE-2007-0274 | Buffer Overflow |
| DB10 | CVE-2007-0276 | Buffer Overflow |
| DB11 | CVE-2007-0277 | Buffer Overflow |
| DB12 | CVE-2007-0278 | Buffer Overflow |
| DB13 | CVE-2007-0276 | Buffer Overflow |
| DB14 | CVE-2007-0278 | Buffer Overflow |
| DB15 | CVE-2007-0268 | Buffer Overflow |
| DB16 | CVE-2007-0276 | Buffer Overflow |

Oracle Application Server

| Oracle Vuln | CVE# | Vulnerability-Type |
|---|---|---|
| OHS01 | CVE-2006-3738, CVE-2007-0279 | Buffer overflow in the SSL_get_shared_ciphers function |
| OHS02 | CVE-2007-0279 | |
| OHS03 | CVE-2001-0729, CVE-2007-0281 | Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters. |
| OHS04 | CVE-2007-0281 | |
| OHS05 | CVE-2006-4343, CVE-2007-0279 | denial of service (client crash) via unknown vectors that trigger a null pointer dereference |
| OHS06 | CVE-2006-4339, CVE-2007-0279 | forge a PKCS #1 v1.5 signature that is signed by that RSA key |
| OHS07 | CVE-2006-2940, CVE-2007-0279 | denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification |
| OPMN01 | CVE-2007-0280 | Buffer overflow & format string vulnerability in ONS service |
| OPMN02 | CVE-2007-0282 | |
| REP01 | CVE-2007-0285 | Buffer overflow & format string vulnerability in ONS service |



References
  • 16-jan-2007 - 1.00 - Initial version
  • 18-jan-2007 - 1.01 - Additional Information and links added
  • 18-jan-2007 - 1.02 - CVEs added (Thanks to Steven M. Christey)
  • 24-jan-2007 - 1.03 - Advisory Integrigy added. Typos corrected (Thanks to Martin Rakhmanov)

2007 by Red-Database-Security GmbH - last update 24-jan-2007