Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Silently fixed security bugs in Oracle Critical Patch Update July 2005

from [ak] Network Security [Permanent Link]
Subject: Silently fixed security bugs in Oracle Critical Patch Update July 2005
Date: 15 Jul 2005 06:56:42 -0000 
Hello BugTraq-Reader

After reading the patch documentation and some tests with the CPU July 2005 I 
found out that Oracle fixed some security bugs silently without mention these 
bugs in their current risk matrix. 

Detailed information about most of these bugs are not available via Metalink 
but in many cases the description is sufficient for a malicious attacker 
(e.g. "/DAV_PUBLIC IS NOT PROTECTED BY DEFAULT ENABLING MALITIOUS USER TO FILL 
IT UP")


For OHS 9.0.2.3:
3174425 - OHS CRASHES WITH A SPECIFIC REQUEST
3396862 - MOD_OSSO DOES NOT EXPIRE PARTNER APPLICATION COOKIES

For Mod_Oradav 9.0.2.3:
2576249 - /DAV_PUBLIC IS NOT PROTECTED BY DEFAULT ENABLING MALITIOUS USER TO 
FILL IT UP
2544464 - ORAALTPASSWORD SHOULD BE ENCRYPTED AND NOT JUST OBFUSCATED

For Webcache 9.0.2.3
2972458 - WEBCACHE SERVES DOCUMENTS AT 40 BIT ENCRYPTION WHEN 128 SPECIFIED IN 
OHS

For OHS 9.0.3.1:
3164583 - INACTIVITY TIMEOUT CAN BE BYPASSED USING BROWSER BACK BUTTON
2701804 - OHS HANGS: NO BUFFER SPACE AVAILABLE: ACCEPT: (CLIENT SOCKET)
3174425 - OHS CRASHES WITH A SPECIFIC REQUEST

For DB 9.0.1.4 or DB 9.0.1.5
3889519 - UPLOAD IN SSL DOES NOT WORK WITH IE AFTER SECALERT 68 OR DB PATCH
          9015

DB 9.0.1.5Fips Patch 4 : 4340015
4067484  SSO SERVER XSS CHECK 

DB 9.0.1.5Fips Patch 2 : 4210722
2605435 : MEMORY LEAK WHEN EXECUTING A QUERY THROUGH TAF CONNECTION



This information is available at
http://www.red-database-security.com/whitepaper/cpu_july_2005_silently_fixed_bugs.html


Regards

 Alexander Kornbrust
 Red-Database-Security GmbH


PS: Don't miss the Oracle Security related talks at Black Hat 2005 in Las 
Vegas. I will show how to
circumvent Oracle's database encryption (dbms_crypto/dbms_obfuscation_toolkit) 
to decrypt sensitive 
information.

All Oracle Security related topics at the Black Hat 2005 USA.

http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#Cerrudo
http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#Fayo
http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#Kornbrust
http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#Litchfield
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: On classifying attacks, Bryan McAninch
Next by Date:  Compromising pictures of Microsoft Internet Explorer!, Michal Zalewski
Previous by Thread:  On classifying attacks, Derek Martin
Next by Thread:  Re: Silently fixed security bugs in Oracle Critical Patch Update July 2005, David Litchfield
Indexes:  [Date] [Thread] [Top] [All Lists]