
CERT-In Advisory CIAD-2008-22
Multiple Vulnerabilities in various Oracle products

Original issue date: April 23, 2008

Severity Rating: High

Systems Affected

• Oracle Database 11g, version 11.1.0.6
• Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3
• Oracle Database 10g, version 10.1.0.5
• Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
• Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.1.0, 10.1.3.3.0
• Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0
• Oracle Application Server 10g (9.0.4), version 9.0.4.3
• Oracle Collaboration Suite 10g, version 10.1.2
• Oracle E-Business Suite Release 12, versions 12.0.0 - 12.0.4
• Oracle E-Business Suite Release 11i, versions 11.5.9 - 11.5.10 CU2
• Oracle PeopleSoft Enterprise People Tools versions 8.22.19, 8.48.16, 8.49.09
• Oracle PeopleSoft Enterprise HCM versions 8.8 SP1, 8.9, 9.0
• Oracle Siebel Sim Builder versions 7.8.2, 7.8

Overview

Multiple vulnerabilities exist in various Oracle products, which could be exploited by a malicious user, locally or remotely, to bypass certain security restrictions.

Description

Multiple vulnerabilities have been reported in Oracle products; their severity varies depending on the product, component, and configuration of the system. Authentication is not required to exploit some of these vulnerabilities. Successful exploitation may result in the disclosure of sensitive information or the bypass of certain security restrictions.


Solution

Apply patches as mentioned in Oracle Advisory:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html
http://blogs.oracle.com/security/2008/04/15

Vendor Information

Oracle Corporation
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html

AusCERT
http://www.auscert.org.au/render.html?it=9124

SecurityFocus
http://www.securityfocus.com/bid/28725/


CVE-Name
CVE-2008-1811     
CVE-2008-1812    
CVE-2008-1813    
CVE-2008-1814     
CVE-2008-1815     
CVE-2008-1816     
CVE-2008-1817     
CVE-2008-1818     
CVE-2008-1819     
CVE-2008-1820     
CVE-2008-1821    
CVE-2008-1822     
CVE-2008-1823     
CVE-2008-1824     
CVE-2008-1825     
CVE-2008-1826     
CVE-2008-1827    
CVE-2008-1828    
CVE-2008-1829    
CVE-2008-1830    
CVE-2008-1831    

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003