Vulnerability Bulletins


Oracle releases July 2006 cumulative patch

Vulnerability classification

Property                Value
Confidence level        Official
Impact                  Gain access
Difficulty              Expert
Attacker requirements   Remote access without an account to a standard service

System information

Property            Value
Affected vendor     Commercial Software
Affected software   Oracle Database 10g Release 2, 10.2.0.1, 10.2.0.2
                    Oracle Database 10g Release 1, 10.1.0.4, 10.1.0.5
                    Oracle9i Database Release 2, 9.2.0.6, 9.2.0.7
                    Oracle8i Database Release 3, 8.1.7.4
                    Oracle Enterprise Manager 10g Grid Control, 10.2.0.1
                    Oracle Application Server 10g Release 3, versions 10.1.3.0.0
                    Oracle Application Server 10g Release 2, 10.1.2.0.0 - 10.1.2.0.2, 10.1.2.1.0
                    Oracle Application Server 10g Release 1 9.0.4.2, 9.0.4.3
                    Oracle Collaboration Suite 10g Release 1, 10.1.2.0
                    Oracle9i Collaboration Suite Release 2, 9.0.4.2
                    Oracle E-Business Suite Release 11i, 11.5.7 - 11.5.10 CU2
                    Oracle E-Business Suite Release 11.0
                    Oracle Pharmaceutical Applications 4.5.0 - 4.5.2
                    Oracle PeopleSoft Enterprise Portal Solutions, 8.4, 8.8, 8.9
                    Oracle PeopleSoft Enterprise Portal Solutions (with Enforcer Portal Pack), version 8.8
                    JD Edwards EnterpriseOne Tools, OneWorld Tools, versions 8.95, 8.96

Description

The July 2006 cumulative patch has been released for the following Oracle products: Oracle Database, Oracle Application Server, Oracle Enterprise Manager Grid Control, Oracle Collaboration Suite, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications and PeopleSoft Enterprise PeopleTools.

This patch fixes multiple vulnerabilities that can compromise the integrity, confidentiality and availability of these products, as well as the information they handle.

Solution

Software update

Oracle
Oracle Database Server
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=372930.1#DBAVAIL
Oracle Application Server
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=372930.1#ASMIDTIER
Oracle Collaboration Suite
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=372930.1#OCSAVAIL
Oracle E-Business Suite and Applications
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html#Appendix%20D
Oracle Pharmaceutical Applications
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=374060.1
Oracle Enterprise Manager
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=372930.1#OEMAVAIL
Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
http://www.peoplesoft.com/corp/en/support/security_index.jsp

Hewlett-Packard
Oracle for OpenView (OfO) / HP-UX, Tru64 UNIX, Linux, Solaris, Windows / Oracle Critical Patch Update - July 2006
http://itrc.hp.com/

Hewlett-Packard
Oracle for OpenView (OfO) / HP-UX, Tru64 UNIX, Linux, Solaris, Windows / Oracle Critical Patch Update - January 2007
http://itrc.hp.com/

Standard identifiers

Property   Value
CVE
BID

Additional resources

Oracle Critical Patch Update - July 2006
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html

HP SECURITY BULLETIN (HPSBMA02133)
http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=c00727143

Red Database Security (DB03)
http://www.red-database-security.com/advisory/oracle_sql_injection_kupw$worker.html

Red Database Security (DB01)
http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_cdc_impdp.html

Red Database Security (DB22)
http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_upgrade.html

Red Database Security (DB21)
http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_stats.html

Version history

Version   Comment                                             Date
1.0       Advisory issued                                     2006-07-19
1.1       Advisory updated by Hewlett Packard (HPSBMA02133)   2007-01-24
Ministerio de Defensa
CNI
CCN
CCN-CERT