- Alexander Kornbrust Oracle Security Blog - http://blog.red-database-security.com -
6 Advisories (2 from RDS) for Oracle CPU July 2009 posted
Posted by Alexander Kornbrust on 27 Jul 2009 @ 17:31 in Oracle Security | Comments disabled
I just posted 2 new advisories for the July 2009 CPU from Oracle on my website.
The first advisory ([1] CVE-2009-1021) is about PL/SQL injection vulnerabilities in the package DBMS_EXPORT_EXTENSION. Oracle already fixed vulnerabilities in this package in July 2006, but the bug fix was not implemented properly.
The second advisory ([2] CVE-2009-1969) is about an information disclosure problem in Oracle audit logs. In some cases these audit logs can contain password hashes.
Last Friday Denis Yurichev released 4 new advisories concerning the TNS Listener in Oracle 10g/11g. Each advisory is explained with proof-of-concept code.
The first and most critical advisory ([3] CVE-2009-1020, CVSS 9.0 on Windows / 6.5 on Linux) is remotely exploitable but requires authentication. All databases (9.2.08, 10.1.0.5, 10.2.0.4 and 11.1.0.7) are affected.
The second advisory ([4] CVE-2009-1019) is remotely exploitable without authentication. Denis's PoC causes a denial of service against the database. All databases (9.2.08, 10.1.0.5, 10.2.0.4 and 11.1.0.7) are affected.
The third advisory ([5] CVE-2009-1963) is remotely exploitable with authentication. Denis's PoC causes a denial of service against the database. 11.1.0.7 is affected.
The fourth advisory ([6] CVE-2009-1970), remotely exploitable without authentication, is a denial of service vulnerability against the database. Oracle 10.1.0.5, 10.2.0.4 and 11.1.0.6 are affected.
Article printed from Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com
URL to article: http://blog.red-database-security.com/2009/07/27/2-advisories-for-oracle-cpu-july-2009-posted/
URLs in this post:
[1] CVE-2009-1021: http://www.red-database-security.com/advisory/oracle_plsql_injection_dbms_export_extension.html
[2] CVE-2009-1969: http://www.red-database-security.com/advisory/oracle_password_hash_audit.html
[3] CVE-2009-1020: http://blogs.conus.info/node/23
[4] CVE-2009-1019: http://blogs.conus.info/node/24
[5] CVE-2009-1963: http://blogs.conus.info/node/25
[6] CVE-2009-1970: http://blogs.conus.info/node/26