ID CVE-2014-6567
Summary Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:database_server:11.1.0.7
  • Oracle Database Server 11g 11.2.0.3
    cpe:2.3:a:oracle:database_server:11.2.0.3
  • Oracle Database Server 11.2.0.4
    cpe:2.3:a:oracle:database_server:11.2.0.4
  • Oracle Database Server 12.1.0.1
    cpe:2.3:a:oracle:database_server:12.1.0.1
  • Oracle Database Server 12.1.0.2
    cpe:2.3:a:oracle:database_server:12.1.0.2
CVSS
Base: 9.0 (as of 24-06-2016 - 11:31)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
nessus via4
NASL family Databases
NASL id ORACLE_RDBMS_CPU_JAN_2015.NASL
description The remote Oracle database server is missing the January 2015 Critical Patch Update (CPU). It is, therefore, affected by security issues in the following components:
  • Core RDBMS
  • DBMS_UTILITY
  • PL/SQL
  • Recovery
  • Workspace Manager
  • XML Developer's Kit for C
last seen 2019-02-21
modified 2018-11-15
plugin id 80906
published 2015-01-22
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=80906
title Oracle Database Multiple Vulnerabilities (January 2015 CPU)
refmap via4
bid 72134
confirm http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
misc http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdf
sectrack 1031572
the hacker news via4
id THN:B5218A4B6680543EFCCADB0F38E960BF
last seen 2018-01-27
modified 2015-01-21
published 2015-01-21
reporter Mohit Kumar
source https://thehackernews.com/2015/01/java-update-patch-vulnerability.html
title Oracle releases 169 Updates, Including 19 Patches for JAVA Vulnerabilities
Last major update 28-11-2016 - 14:12
Published 21-01-2015 - 10:28