CERTA-2005-AVI-025
Vulnerability from certfr_avis

Oracle diffuse un nouveau correctif de sécurité incluant l'alerte de sécurité 68 (cf avis CERTA-2004-AVI-284) mais y ajoutant la prise en compte de failles additionnelles affectant uniquement les serveurs.

Description

Une vingtaine de failles sont récensées dans l'avis de l'éditeur (tous produits confondus) et traitées par le correctif.

Les références CVE prises en compte dans la révision 3 de l'alerte 68 sont listées la section documentation.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Oracle Database Server Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 et 9.0.4 ;
Oracle N/A Oracle E-Business Suite and Applications Release 11.0.
Oracle Database Server Oracle9i Database Server Release 2, versions 9.2.0.4, 9.2.0.5 et 9.2.0.6 ;
Oracle N/A Oracle9i Application Server Release 1, version 1.0.2.2 ;
Oracle Database Server Oracle8i Database Server Release 3, version 8.1.7.4 ;
Oracle N/A Oracle Application Server 10g (9.0.4), versions 9.0.4.0 et 9.0.4.1 ;
Oracle N/A Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3 et 10.1.0.3.1 ;
Oracle N/A Oracle E-Business Suite and Applications Release 11i (11.5) ;
Oracle N/A Oracle Application Server 10g Release 2 (10.1.2) ;
Oracle N/A Oracle Collaboration Suite Release 2, version 9.0.4.2 ;
Oracle N/A Oracle9i Application Server Release 2, versions 9.0.2.3 et 9.0.3.1 ;
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 et 9.0.4 ;",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite and Applications Release 11.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle9i Database Server Release 2, versions 9.2.0.4, 9.2.0.5 et 9.2.0.6 ;",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle9i Application Server Release 1, version 1.0.2.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle8i Database Server Release 3, version 8.1.7.4 ;",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g (9.0.4), versions 9.0.4.0 et 9.0.4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3 et 10.1.0.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite and Applications Release 11i (11.5) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 2 (10.1.2) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Collaboration Suite Release 2, version 9.0.4.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle9i Application Server Release 2, versions 9.0.2.3 et 9.0.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vingtaine de failles sont r\u00e9cens\u00e9es dans l\u0027avis de l\u0027\u00e9diteur (tous\nproduits confondus) et trait\u00e9es par le correctif.\n\nLes r\u00e9f\u00e9rences CVE prises en compte dans la r\u00e9vision 3 de l\u0027alerte 68\nsont list\u00e9es la section documentation.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2005-01-24T00:00:00",
  "last_revision_date": "2005-01-24T00:00:00",
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 CERTA-2004-AVI-284 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2004-AVI-284/index.html"
    },
    {
      "title": "Alerte de s\u00e9curit\u00e9 #68 d\u0027Oracle :",
      "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
    },
    {
      "title": "Oracle \u00abCritical Critical Patch Update\u00bb, r\u00e9vision 1 du 18    janvier 2005 :",
      "url": "http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf"
    },
    {
      "title": "Alerte de l\u0027US-CERT du 1er septembre 2004 :",
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
    }
  ],
  "reference": "CERTA-2005-AVI-025",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-01-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Oracle diffuse un nouveau correctif de s\u00e9curit\u00e9 incluant l\u0027alerte de\ns\u00e9curit\u00e9 68 (cf avis CERTA-2004-AVI-284) mais y ajoutant la prise en\ncompte de failles additionnelles affectant uniquement les serveurs.\n",
  "title": "Correctif de s\u00e9curit\u00e9 cumulatif pour les produits Oracle",
  "vendor_advisories": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.