SANS ISC: InfoSec Handlers Diary Blog



The Oracle Patches are here

Published: 2009-01-13
Last Updated: 2009-01-14 00:09:44 UTC
by Toby Kohlenberg (Version: 1)

And boy are there a lot of them. The overall patch is listed as CRITICAL and from the details, I would strongly agree.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

They have updates for a large number of products. The "full table" link contains links to the update tables containing CVE#, the details of the CVSS scoring, protocol, component and version affected.

  • Oracle Database:
    • 10 patches for Oracle Database, none of which are remotely exploitable without authentication
    • 9 patches for Secure Backup, all of the vulnerabilities are remotely exploitable without authentication
    • 1 patch for TimesTen Data Server which is remotely exploitable without authentication
    • Full table here
  • Oracle Application Server:
    • 4 patches, of which 2 are remotely exploitable without authentication
    • Full table here
  • Oracle Collaboration Suite
    • 1 patch which isn't remotely exploitable without authentication
    • Full table here
  • Oracle E-Business Suite and applications
    • 4 patches, none of which are remotely exploitable without authentication
    • Full table here
  • Oracle Enterprise Manager
    • 1 patch which isn't remotely exploitable without authentication
    • Full table here
  • Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
  • BEA Product Suite
    • 5 patches, all of which are remotely exploitable without authentication
    • Full table here
