Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Silently fixed security bugs in Oracle Critical Patch Update July 2005

Silently fixed security bugs in Oracle Critical Patch Update July 2005

From: <ak_at_red-database-security.com>
Date: 15 Jul 2005 06:56:42 -0000
('binary' encoding is not supported, stored as-is) Hello BugTraq-Reader

After reading the patch documentation and some tests with the CPU July 2005 I found out that Oracle fixed some security bugs silently without mention these bugs in their current risk matrix.

Detailed information about most of these bugs are not available via Metalink but in many cases the description is sufficient for a malicious attacker
(e.g. "/DAV_PUBLIC IS NOT PROTECTED BY DEFAULT ENABLING MALITIOUS USER TO FILL IT UP")

For OHS 9.0.2.3:
3174425 - OHS CRASHES WITH A SPECIFIC REQUEST
3396862 - MOD_OSSO DOES NOT EXPIRE PARTNER APPLICATION COOKIES

For Mod_Oradav 9.0.2.3:
2576249 - /DAV_PUBLIC IS NOT PROTECTED BY DEFAULT ENABLING MALITIOUS USER TO FILL IT UP
2544464 - ORAALTPASSWORD SHOULD BE ENCRYPTED AND NOT JUST OBFUSCATED

For Webcache 9.0.2.3
2972458 - WEBCACHE SERVES DOCUMENTS AT 40 BIT ENCRYPTION WHEN 128 SPECIFIED IN OHS

For OHS 9.0.3.1:
3164583 - INACTIVITY TIMEOUT CAN BE BYPASSED USING BROWSER BACK BUTTON
2701804 - OHS HANGS: NO BUFFER SPACE AVAILABLE: ACCEPT: (CLIENT SOCKET)
3174425 - OHS CRASHES WITH A SPECIFIC REQUEST

For DB 9.0.1.4 or DB 9.0.1.5
3889519 - UPLOAD IN SSL DOES NOT WORK WITH IE AFTER SECALERT 68 OR DB PATCH
          9015

DB 9.0.1.5Fips Patch 4 : 4340015
4067484 SSO SERVER XSS CHECK

DB 9.0.1.5Fips Patch 2 : 4210722
2605435 : MEMORY LEAK WHEN EXECUTING A QUERY THROUGH TAF CONNECTION

This information is available at
http://www.red-database-security.com/whitepaper/cpu_july_2005_silently_fixed_bugs.html

Regards

 Alexander Kornbrust
 Red-Database-Security GmbH

PS: Don't miss the Oracle Security related talks at Black Hat 2005 in Las Vegas. I will show how to
circumvent Oracle's database encryption (dbms_crypto/dbms_obfuscation_toolkit) to decrypt sensitive
information.

All Oracle Security related topics at the Black Hat 2005 USA.

http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#Cerrudo
http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#Fayo
http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#Kornbrust
http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#Litchfield
Received on Jul 15 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]