Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Vulnerabilities in Oracle E-Business Suite 11i-Critical Patch Update October 2005
From: <ipatches () hushmail com>
Date: Wed, 19 Oct 2005 13:19:17 -0700

XXXXXXXXX Security wrote:

XXXXXXXXX Security Advisory

____________________________________________________________________
__
 
Vulnerabilities in Oracle E-Business Suite 11i Oracle 
Critical Patch Update - October 2005 October 18, 2005 

____________________________________________________________________
__
 
Summary:

Oracle today released its fourth Critical Patch Update 
(October 2005).   The
patches contained in the Critical Patch Update will correct 
numerous security bugs in the Oracle Database, Oracle 
Application Server, and Oracle E-Business Suite.  Some of the 
vulnerabilities in the Critical Patch Update are high risk 
and a few can be exploited remotely using a web browser.

Almost all the security bugs fixed in this Critical Patch 
Update are exploitable in Oracle E-Business Suite 
environments and the appropriate patches should be applied as 
soon as possible.  Patches for the Oracle Database, Oracle 
Application Server, Oracle Developer 6i, and Oracle 
E-Business Suite 11i must be applied -- almost all 
implementations will have to apply at least 12 patches.  
Customers with Internet-facing implementations of the Oracle 
E-Business Suite are at most risk and should consider 
applying these patches quickly.

The Oracle E-Business Suite patches involved with this 
Critical Patch Update are much more complex as compared to 
the previous CPUs and will require additional functional 
testing in our opinion.  In addition, the Oracle E-Business 
Suite security patches are not cumulative, therefore, all the 
patches specified in this CPU and previous CPUs must be applied. 

XXXXXXXXX has released additional guidance to help our 
clients in determining the relevance and priority of these 
patches for their Oracle E-Business Suite implementations.  
The XXXXXXXXX analysis for the this Critical Patch Update is 
available at --

http://www.XXXXXXXXX.com/analysis.htm


____________________________________________________________________
__
 
For more information or questions regarding this security 
advisory, please contact us at alerts () XXXXXXXXX com 
 
XXXXXXXXX has included checks for these vulnerabilities in 
AppSentry, a vulnerability scanner for Oracle Applications, 
and AppDefend, an application intrusion prevention system for 
Oracle Applications.
 
Credit:
 
Some of the vulnerabilities fixed in the Critical Patch 
Update October 2005 were discovered and reported to Oracle by 
Stephen Kost of XXXXXXXXX Corporation.

____________________________________________________________________
__
 
About XXXXXXXXX Corporation (www.XXXXXXXXX.com)
 
XXXXXXXXX Corporation is a leader in application security for 
large enterprise, mission critical applications. Our 
application vulnerability assessment tool, AppSentry, assists 
companies in securing their largest and most important 
applications. AppDefend is an intrusion prevention system for 
Oracle Applications and blocks common types of attacks 
against application servers. XXXXXXXXX Consulting offers 
security assessment services for leading ERP and CRM 
applications.
 
For more information, visit www.XXXXXXXXX.com.
I think this is very bad advisory. There is no detail and I was 
watching for company name 12 times. Stephen Kost is only get credit 
as "Some of the vulnerabilities fixed in the Critical Patch Update 
October 2005 were discovered and reported to Oracle by Stephen Kost 
of XXXXXXXXX Corporation" I think Stephen Kost should discover 
better company for security working. This company contributes 
nothing to discussion. Thank you but no advertisement on 
Fulldisclosure please!



Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Re: Vulnerabilities in Oracle E-Business Suite 11i-Critical Patch Update October 2005 ipatches (Oct 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]