
[VulnWatch] Multiple High Risk Vulnerabilities in Oracle E-Business Suit

Subject: [VulnWatch] Multiple High Risk Vulnerabilities in Oracle E-Business Suite 11i - Critical Patch Update July 2005
Date: Tue, 12 Jul 2005 14:27:41 -0500
Integrigy Security Advisory
______________________________________________________________________
 
Multiple High Risk Vulnerabilities in Oracle E-Business Suite 11i
Oracle Critical Patch Update - July 2005
July 12, 2005
______________________________________________________________________
 
Summary:

Oracle today will be releasing its third Critical Patch Update (July 2005).
The patches contained in the Critical Patch Update will correct numerous
security bugs in the Oracle Database, Oracle Application Server, and Oracle
E-Business Suite.  

A number of high risk SQL injection and parameter manipulation security
vulnerabilities in the Oracle E-Business Suite are corrected by the security
patches released today.  Customers with Internet-facing implementations of
the Oracle E-Business Suite should consider applying these patches as soon
as possible.  It is possible that an attacker with only a web browser and a
network connection (either internally or externally) to Oracle E-Business
Suite web application servers can execute malicious SQL statements in the
database as the APPS database account. 
 
The Oracle E-Business Suite patches involved with this Critical Patch Update
are much more complex as compared to the previous CPUs and will require
additional functional testing in our opinion.  In addition, the Oracle
E-Business Suite security patches are not cumulative; therefore, all the
patches specified in this CPU and previous CPUs must be applied.    

Integrigy will be releasing more detailed guidance in the near future in
order to assist our clients in determining the relevance and priority of
patches for their Oracle E-Business Suite implementations.  The Integrigy
analysis for this Critical Patch Update will be posted at
http://www.integrigy.com/analysis.htm when it is available.
______________________________________________________________________
 
For more information or questions regarding this security advisory, please
contact us at alerts@integrigy.com.
 
Integrigy has included checks for these vulnerabilities in AppSentry, a
vulnerability scanner for Oracle Applications, and AppDefend, an application
intrusion prevention system for Oracle Applications.
 
Credit:
 
The vulnerabilities referenced in this advisory were discovered and reported
to Oracle by Stephen Kost of Integrigy Corporation.
______________________________________________________________________
 
About Integrigy Corporation (www.integrigy.com)
 
Integrigy Corporation is a leader in application security for large
enterprise, mission critical applications. Our application vulnerability
assessment tool, AppSentry, assists companies in securing their largest and
most important applications. AppDefend is an intrusion prevention system for
Oracle Applications and blocks common types of attacks against application
servers. Integrigy Consulting offers security assessment services for
leading ERP and CRM applications.
 
For more information, visit www.integrigy.com.
