Details Oracle Critical Patch Update July 2006 - V1.03
If you are interested in getting the latest information on the Oracle CPU July 2006, you can subscribe to our newsletter.
Additional information will be added soon.
CHANGE !!! IMPORTANT
Oracle did NOT fix the "Modify Data via Views" bug.
This CPU does fix the 0day vulnerability in DBMS_EXPORT_EXTENSION that was released on the Full-Disclosure mailing list in April 2006, and many more vulnerabilities (SQL injection, buffer overflows, cross-site scripting, ...).
With this CPU Oracle has fixed 65 security bugs in various products and components. Patches for Oracle Express Edition are currently not available.

Product / Component                 | Fixed bugs
Database                            | 23
Client                              | 4
OAS (Application Server)            | 10
OCS (Collaboration Suite)           | 1
APPS (E-Business Suite)             | 20
EM (Enterprise Manager)             | 4
PSE (PeopleSoft Enterprise)         | 2
JDE (JD Edwards)                    | 1
Fixed security vulnerabilities in Oracle PL/SQL packages and Java classes (an empty cell means the advisory gives no detail for that column):

Package | Function/Procedure | Granted to | Vulnerability / Change
SYS.DBMS_STAT_FUNCS (belongs to DBMS_STATS) | KOLMOGOROV_SMIRNOV, SHAPIRO_WILKS, ANDERSON_DARLING, CHI_SQUARED_CONTINUOUS, CHI_SQUARED_DISCRETE, SUMMARY, NORMAL_DIST_FIT, UNIFORM_DIST_FIT, POISSON_DIST_FIT, WEIBULL_DIST_FIT, EXPONENTIAL_DIST_FIT | PUBLIC | SQL Injection [DB21], 10.1
SYS.DBMS_UPGRADE | | | SQL Injection [DB22]
SYS.DBMS_CDC_IMPDP | IMPORT_CHANGE_SET, IMPORT_CHANGE_TABLE, IMPORT_CHANGE_COLUMN, IMPORT_SUBSCRIBER, IMPORT_SUBSCRIBED_TABLE, IMPORT_SUBSCRIBED_COLUMN, VALIDATE_IMPORT, VALIDATE_CHANGE_SET, VALIDATE_CHANGE_TABLE, VALIDATE_SUBSCRIPTION | PUBLIC | SQL Injection [DB01], 10.1
SYS.DBMS_CDC_ISUBSCRIBE | GET_SUBSCRIPTION_HANDLE, SUBSCRIBE, PREPARE_SUBSCRIBER_VIEW, DROP_SUBSCRIBER_VIEW | | SQL Injection [DB01], 10.1
SYS.DBMS_EXPDP | DUMP_CHANGE_SET, DUMP_CHANGE_TABLE, DUMP_CHANGE_COLUMN, DUMP_SUBSCRIBER, DUMP_SUBSCRIBED_TABLE, DUMP_SUBSCRIBED_COLUMN, SCHEMA_INFO_EXP | | SQL Injection [DB01], 10.1
SYS.KUPW$WORKER | MAIN | PUBLIC | SQL Injection [DB03], 10.1
SYS.DBMS_DDL | | PUBLIC | (?) [DB05], 10.1
SYS.DBMS_EXPORT_EXTENSION | GET_DOMAIN_INDEX_METADATA, GET_DOMAIN_INDEX_TABLES, GET_V2_DOMAIN_INDEX_TABLES | PUBLIC | SQL Injection [DB06], 10.1
ORDSYS.ORDIMGIDXMETHODS | | PUBLIC | Buffer Overflow [DB07], 10.1
SYS.DBMS_XRWMV | | PUBLIC | Buffer Overflow [DB16], 10.1
SYS.DBMS_XDBZ0 | ENABLE_HIERARCHY_INTERNAL, DISABLE_HIERARCHY_INTERNAL | | SQL Injection, 10.1
SYS.DBMS_ADVISOR | GEN_SHRINK_DDL | PUBLIC | SQL Injection, 10.2
SYS.DBMS_METADATA | OKTOEXP_2NDARY_TABLE | PUBLIC | Check for user L_INDEX_SCHEMA, 10.2
SYS.DBMS_ODCI | | | Additional security checks for ODCI function call, 10.2
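Most of the fixed packages above are executable by PUBLIC, so every database user could reach the vulnerable code. The following queries are an added check and are not part of the original advisory: the first enumerates which of the PUBLIC-granted packages from the table are still executable by PUBLIC in your own database, the second looks at the patch registry to see whether a CPU has been recorded. Both assume a session with DBA privileges; the package names are taken from the table above, and the registry view is assumed to exist on your release (it was introduced with the 10g CPU patches and is not available on older databases).

```sql
-- Added example, not part of the original advisory. Run as a DBA user.
-- Which of the PUBLIC-granted packages named in the July 2006 CPU table
-- are still executable by PUBLIC in this database?
SELECT p.owner,
       p.table_name AS object_name,
       p.grantee,
       p.privilege
  FROM dba_tab_privs p
 WHERE p.grantee   = 'PUBLIC'
   AND p.privilege = 'EXECUTE'
   AND (p.owner, p.table_name) IN (
         ('SYS',    'DBMS_STAT_FUNCS'),
         ('SYS',    'DBMS_CDC_IMPDP'),
         ('SYS',    'KUPW$WORKER'),
         ('SYS',    'DBMS_DDL'),
         ('SYS',    'DBMS_EXPORT_EXTENSION'),
         ('ORDSYS', 'ORDIMGIDXMETHODS'),
         ('SYS',    'DBMS_XRWMV'),
         ('SYS',    'DBMS_ADVISOR'),
         ('SYS',    'DBMS_METADATA')
       )
 ORDER BY p.owner, p.table_name;

-- Has a CPU been applied? Assumption: on 10g the CPU scripts record the
-- patch in registry$history, exposed as DBA_REGISTRY_HISTORY. No rows, or
-- a missing view, means the database is not patched to this level.
SELECT action_time, action, namespace, version, id, comments
  FROM dba_registry_history
 ORDER BY action_time;
```

A grant to PUBLIC showing up in the first result is not by itself proof that the bug is present (the CPU fixes the package body, not the grant), but it tells you which packages every account can still call and therefore where an unpatched database is exposed. Revoking EXECUTE from PUBLIC on packages such as DBMS_METADATA or DBMS_DDL breaks export and other tooling, so test such revokes before relying on them as a workaround.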
The following table contains a mapping of the Oracle vulnerability IDs ([DBxx] above) to CVE numbers.
Comments:
The package DBMS_CDC_DPUTIL contains a new debug message. If you find "this is a test" in your trace file, it comes from DBMS_CDC_DPUTIL:
[...]
DBMS_SYSTEM.KSDWRT(DBMS_SYSTEM.TRACE_FILE, 'this is a test ');
[...]
Debug code (and especially useless debug code) is never a good idea.
References
History
- 18-jul-2006 - 1.00 - Initial version
- 19-jul-2006 - 1.01 - More details after analysis of PL/SQL packages added
- 19-jul-2006 - 1.02 - CVEs for Oracle July CPU added. Thank you Steven M. Christey for this information
- 24-jul-2006 - 1.03 - Change Data via View bug is NOT fixed.
© 2006 by Red-Database-Security GmbH - last update 24-jul-2006