Alexander Kornbrust Oracle Security Blog » Print » Oracle CPU July 2009 published

Oracle CPU July 2009 published

Dieser Eintrag stammt von Alexander Kornbrust Am 15 Jul 2009 @ 10:03 In SQL Injection, Security, Allgemein | Kommentarfunktion deaktiviert

Yesterday night Oracle released the [1] July 2009 CPU. This CPU contains 30 fixes for several Oracle products. 10 security issues are fixed in the Oracle Database Server.As always the usual suspects (Esteban, David, Joxean, Alexandr, Dennis) and a few others reported issues in Oracle products.

The 3 most critical bugs this time are related to the TNS Listener and one of the bugs be exploited without authentication.These issues CVE-2009-1020, CVE-2009-1019, CVE-2009-1963 are rated with CVSS 9 (for Windows), 7.5 for Unix.
Oracle has also fixed 3 of my findings in the database (3 out of 10 :-))

SQL Injection in DBMS_EXPORT_EXTENSION (previously fixed in [2] April 2006)
Information Disclosure (Password Hash) in Database Vault
Information Disclosure (Password Hash) in Audit Vault

More details will be published within the next few days. The updates for our Oracle database scanner [3] Repscan ([4] free trial available) will be released within the next 2 days.

Dieser Artikel wurde ausgedruckt ab Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com

URL zum Artikel: http://blog.red-database-security.com/2009/07/15/oracle-cpu-july-2009-published/

URLs in this post:
[1] July 2009 CPU: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul20
09.html
[2] April 2006: http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html
[3] Repscan: http://www.sentrigo.com/repscan
[4] free trial available: http://blog.red-database-security.comhttps://www.sentrigo.com/Register_For_Repsc
an

Klicken hier zum Drucken.