CERTA-2005-AVI-025

Vulnerability from certfr_avis - Published: 2005-01-24 - Updated: 2005-01-24

Oracle diffuse un nouveau correctif de sécurité incluant l'alerte de sécurité 68 (cf avis CERTA-2004-AVI-284) mais y ajoutant la prise en compte de failles additionnelles affectant uniquement les serveurs.

Description

Une vingtaine de failles sont récensées dans l'avis de l'éditeur (tous produits confondus) et traitées par le correctif.

Les références CVE prises en compte dans la révision 3 de l'alerte 68 sont listées la section documentation.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Oracle Database Server Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 et 9.0.4 ;
Oracle N/A Oracle E-Business Suite and Applications Release 11.0.
Oracle Database Server Oracle9i Database Server Release 2, versions 9.2.0.4, 9.2.0.5 et 9.2.0.6 ;
Oracle N/A Oracle9i Application Server Release 1, version 1.0.2.2 ;
Oracle Database Server Oracle8i Database Server Release 3, version 8.1.7.4 ;
Oracle N/A Oracle Application Server 10g (9.0.4), versions 9.0.4.0 et 9.0.4.1 ;
Oracle N/A Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3 et 10.1.0.3.1 ;
Oracle N/A Oracle E-Business Suite and Applications Release 11i (11.5) ;
Oracle N/A Oracle Application Server 10g Release 2 (10.1.2) ;
Oracle N/A Oracle Collaboration Suite Release 2, version 9.0.4.2 ;
Oracle N/A Oracle9i Application Server Release 2, versions 9.0.2.3 et 9.0.3.1 ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 et 9.0.4 ;",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite and Applications Release 11.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle9i Database Server Release 2, versions 9.2.0.4, 9.2.0.5 et 9.2.0.6 ;",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle9i Application Server Release 1, version 1.0.2.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle8i Database Server Release 3, version 8.1.7.4 ;",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g (9.0.4), versions 9.0.4.0 et 9.0.4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3 et 10.1.0.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite and Applications Release 11i (11.5) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 2 (10.1.2) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Collaboration Suite Release 2, version 9.0.4.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle9i Application Server Release 2, versions 9.0.2.3 et 9.0.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vingtaine de failles sont r\u00e9cens\u00e9es dans l\u0027avis de l\u0027\u00e9diteur (tous\nproduits confondus) et trait\u00e9es par le correctif.\n\nLes r\u00e9f\u00e9rences CVE prises en compte dans la r\u00e9vision 3 de l\u0027alerte 68\nsont list\u00e9es la section documentation.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2005-01-24T00:00:00",
  "last_revision_date": "2005-01-24T00:00:00",
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 CERTA-2004-AVI-284 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2004-AVI-284/index.html"
    },
    {
      "title": "Alerte de s\u00e9curit\u00e9 #68 d\u0027Oracle :",
      "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
    },
    {
      "title": "Oracle \u00abCritical Critical Patch Update\u00bb, r\u00e9vision 1 du 18    janvier 2005 :",
      "url": "http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf"
    },
    {
      "title": "Alerte de l\u0027US-CERT du 1er septembre 2004 :",
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
    }
  ],
  "reference": "CERTA-2005-AVI-025",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-01-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Oracle diffuse un nouveau correctif de s\u00e9curit\u00e9 incluant l\u0027alerte de\ns\u00e9curit\u00e9 68 (cf avis CERTA-2004-AVI-284) mais y ajoutant la prise en\ncompte de failles additionnelles affectant uniquement les serveurs.\n",
  "title": "Correctif de s\u00e9curit\u00e9 cumulatif pour les produits Oracle",
  "vendor_advisories": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.