109 vulnerabilities found for Database Server by Oracle
CERTA-2013-AVI-421
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been fixed in Oracle Database Server. Some of them allow an attacker to cause remote arbitrary code execution and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Database Server | Oracle Database version 11.2.0.3 |
| Oracle | Database Server | XML Developers Kit version 11.2.0.3 |
| Oracle | Database Server | Oracle Database version 10.2.0.5 |
| Oracle | Database Server | Oracle Database version 10.2.0.4 |
| Oracle | Database Server | Oracle Database version 11.2.0.2 |
| Oracle | Database Server | XML Developers Kit version 11.2.0.2 |
| Oracle | Database Server | Oracle Database version 11.1.0.7 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Database version 11.2.0.3",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "XML Developers Kit version 11.2.0.3",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database version 10.2.0.5",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database version 10.2.0.4",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database version 11.2.0.2",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "XML Developers Kit version 11.2.0.2",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database version 11.1.0.7",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-3790",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3790"
},
{
"name": "CVE-2013-3789",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3789"
},
{
"name": "CVE-2013-3760",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3760"
},
{
"name": "CVE-2013-3774",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3774"
},
{
"name": "CVE-2013-3751",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3751"
},
{
"name": "CVE-2013-3771",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3771"
}
],
"links": [],
"reference": "CERTA-2013-AVI-421",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Database Server\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle CPUJul2013 du 16 juillet 2013",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
}
]
}
CERTA-2013-AVI-246
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been fixed in Oracle Database Server. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, a breach of data integrity and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Database Server | Oracle Network Layer 10.2.0.4 |
| Oracle | Database Server | Oracle Network Layer 11.2.0.3 |
| Oracle | Database Server | Oracle Workload Manager 11.2.0.3 |
| Oracle | Database Server | Oracle Network Layer 10.2.0.5 |
| Oracle | Database Server | Oracle Application Express versions earlier than 4.2.1 |
| Oracle | Database Server | Oracle Workload Manager 11.2.0.2 |
| Oracle | Database Server | Oracle Network Layer 11.1.0.7 |
| Oracle | Database Server | Oracle Network Layer 11.2.0.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Network Layer 10.2.0.4",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Network Layer 11.2.0.3",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Workload Manager 11.2.0.3",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Network Layer 10.2.0.5",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Express versions ant\u00e9rieures \u00e0 4.2.1",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Workload Manager 11.2.0.2",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Network Layer 11.1.0.7",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Network Layer 11.2.0.2",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-1554",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1554"
},
{
"name": "CVE-2013-1519",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1519"
},
{
"name": "CVE-2013-1538",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1538"
},
{
"name": "CVE-2013-1534",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1534"
}
],
"links": [],
"reference": "CERTA-2013-AVI-246",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Database Server\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle CPUApr2013 du 16 avril 2013",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
}
]
}
CERTA-2013-AVI-036
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability has been fixed in Oracle Database Server. It allows an attacker to execute arbitrary code remotely.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Database Server | Oracle Spatial Version 11.2.0.2 |
| Oracle | Database Server | Oracle Spatial Version 10.2.0.4 |
| Oracle | Database Server | Oracle Spatial Version 11.1.0.7 |
| Oracle | Database Server | Oracle Spatial Version 10.2.0.3 |
| Oracle | Database Server | Oracle Spatial Version 10.2.0.5 |
| Oracle | Database Server | Oracle Spatial Version 11.2.0.3 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Spatial Version 11.2.0.2",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Spatial Version 10.2.0.4",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Spatial Version 11.1.0.7",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Spatial Version 10.2.0.3",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Spatial Version 10.2.0.5",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Spatial Version 11.2.0.3",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3220"
}
],
"links": [],
"reference": "CERTA-2013-AVI-036",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-01-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eOracle\nDatabase Server\u003c/span\u003e. Elle permet \u00e0 un attaquant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle CPUJan2013 du 15 janvier 2013",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
}
]
}
CERTA-2012-AVI-577
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been fixed in Oracle Database Server. One of them allows an attacker to retrieve a user's session key and salt. This reveals information about the hash and therefore makes a brute-force attack to determine the password easier.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Database Server | Oracle Core RDBMS 11.2.0.3 |
| Oracle | Database Server | Oracle Core RDBMS 11.2.0.2 |
| Oracle | Database Server | Oracle Core RDBMS 10.2.0.4 |
| Oracle | Database Server | Oracle Core RDBMS 10.2.0.5 |
| Oracle | Database Server | Oracle Core RDBMS 11.1.0.7 |
| Oracle | Database Server | Oracle Core RDBMS 10.2.0.3 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Core RDBMS 11.2.0.3",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Core RDBMS 11.2.0.2",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Core RDBMS 10.2.0.4",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Core RDBMS 10.2.0.5",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Core RDBMS 11.1.0.7",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Core RDBMS 10.2.0.3",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3132",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3132"
},
{
"name": "CVE-2012-3137",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3137"
},
{
"name": "CVE-2012-1751",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1751"
},
{
"name": "CVE-2012-3146",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3146"
},
{
"name": "CVE-2012-3151",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3151"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2012-1515893 du 16 octobre 2012 :",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
}
],
"reference": "CERTA-2012-AVI-577",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Database Server\u003c/span\u003e. L\u0027une d\u0027entre elle permet\n\u00e0 un attaquant de r\u00e9cup\u00e9rer la clef de session et le sel d\u0027un\nutilisateur. Cela donne des informations sur le hash et rend donc plus\nfacile l\u0027attaque par force brute pour d\u00e9terminer le mot de passe.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2012-1515893 du 16 Octobre 2012",
"url": null
}
]
}
CERTA-2005-AVI-255
Vulnerability from certfr_avis - Published: - Updated:
Description
Several vulnerabilities in Oracle products can be exploited by a malicious user to cause a denial of service, alter or retrieve data, elevate privileges, or execute arbitrary code on the vulnerable system.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | N/A | Oracle Application Server 10g (9.0.4), versions 9.0.4.0, 9.0.4.1 |
| Oracle | N/A | Oracle Enterprise Manager Application Server Control, versions 9.0.4.0, 9.0.4.1 |
| Oracle | Database Server | Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5, 9.0.1.5 FIPS |
| Oracle | Database Server | Oracle9i Database Server Release 2, versions 9.2.0.5, 9.2.0.6 |
| Oracle | N/A | Oracle Enterprise Manager Grid Control 10g, versions 10.1.0.2, 10.1.0.3 |
| Oracle | N/A | Oracle9i Application Server Release 1, version 1.0.2.2 |
| Oracle | N/A | Oracle Express Server, version 6.3.4.0 |
| Oracle | Database Server | Oracle8i Database Server Release 3, version 8.1.7.4 |
| Oracle | N/A | Oracle JInitiator, versions 1.1.8, 1.3.1 |
| Oracle | N/A | Oracle Workflow, versions 11.5.1 through 11.5.9.5 |
| Oracle | N/A | Oracle E-Business Suite and Applications Release 11i, versions 11.5.1 to 11.5.10 |
| Oracle | N/A | Oracle Forms and Reports, versions 4.5.10.22, 6.0.8.25 |
| Oracle | N/A | Oracle Enterprise Manager 10g Database Control, versions 10.1.0.2, 10.1.0.3, 10.1.0.4 |
| Oracle | N/A | Oracle Collaboration Suite Release 2, versions 9.0.4.1, 9.0.4.2 |
| Oracle | N/A | Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3, 10.1.0.4 |
| Oracle | N/A | Oracle8 Database Release 8.0.6, version 8.0.6.3 |
| Oracle | N/A | Oracle Developer Suite, versions 9.0.2.3, 9.0.4, 9.0.4.1, 9.0.5, 10.1.2 |
| Oracle | N/A | Oracle E-Business Suite and Applications Release 11.0 |
| Oracle | N/A | Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Application Server 10g (9.0.4), versions 9.0.4.0, 9.0.4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Enterprise Manager Application Server Control, versions 9.0.4.0, 9.0.4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5, 9.0.1.5 FIPS ;",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle9i Database Server Release 2, versions 9.2.0.5, 9.2.0.6 ;",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Enterprise Manager Grid Control 10g, versions 10.1.0.2, 10.1.0.3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle9i Application Server Release 1, version 1.0.2.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Express Server, version 6.3.4.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle8i Database Server Release 3, version 8.1.7.4 ;",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle JInitiator, versions 1.1.8, 1.3.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Workflow, versions 11.5.1 through 11.5.9.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite and Applications Release 11i, versions 11.5.1 \u00e0 11.5.10 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Forms and Reports, versions 4.5.10.22, 6.0.8.25 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Enterprise Manager 10g Database Control, versions 10.1.0.2, 10.1.0.3, 10.1.0.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Collaboration Suite Release 2, versions 9.0.4.1, 9.0.4.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3, 10.1.0.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle8 Database Release 8.0.6, version 8.0.6.3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Developer Suite, versions 9.0.2.3, 9.0.4, 9.0.4.1, 9.0.5, 10.1.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite and Applications Release 11.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle peuvent \u00eatre\nexploit\u00e9es par un utilisateur mal intentionn\u00e9 pour r\u00e9aliser un d\u00e9ni de\nservice, alt\u00e9rer ou r\u00e9cup\u00e9rer des donn\u00e9es, \u00e9lever ses privil\u00e8ges, ou\nex\u00e9cuter du code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 d\u0027Oracle du 12 juillet 2005 :",
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
},
{
"title": "Site internet d\u0027Oracle :",
"url": "http://www.oracle.com"
}
],
"reference": "CERTA-2005-AVI-255",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-07-13T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences CVE.",
"revision_date": "2005-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 12 juillet 2005",
"url": null
}
]
}
CERTA-2005-AVI-144
Vulnerability from certfr_avis - Published: - Updated:
Description
Several vulnerabilities in Oracle products can be exploited by a malicious user to cause a denial of service, retrieve data, or execute arbitrary code on the vulnerable system.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | N/A | Oracle E-Business Suite 11i |
| Oracle | N/A | Oracle Application Server 10g |
| Oracle | N/A | Oracle E-Business Suite 11 |
| Oracle | N/A | Oracle9i Database Enterprise Edition |
| Oracle | N/A | Oracle Enterprise Manager 10.x |
| Oracle | N/A | Oracle Collaboration Suite Release 2 |
| Oracle | PeopleSoft | PeopleSoft EnterpriseOne Applications 8.x |
| Oracle | N/A | Oracle Database 8.x |
| Oracle | PeopleSoft | PeopleSoft OneWorldXe/ERP8 Applications |
| Oracle | N/A | Oracle9i Database Standard Edition |
| Oracle | N/A | Oracle Enterprise Manager 9.x |
| Oracle | Database Server | Oracle Database Server 10g |
| Oracle | N/A | Oracle9i Application Server |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle E-Business Suite 11i ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server 10g ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite 11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle9i Database Enterprise Edition ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Enterprise Manager 10.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Collaboration Suite Release 2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft EnterpriseOne Applications 8.x ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 8.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft OneWorldXe/ERP8 Applications.",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle9i Database Standard Edition ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Enterprise Manager 9.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server 10g ;",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle9i Application Server ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle peuvent \u00eatre\nexploit\u00e9es par un utilisateur mal intentionn\u00e9 pour r\u00e9aliser un d\u00e9ni de\nservice, r\u00e9cup\u00e9rer des donn\u00e9es, ou ex\u00e9cuter du code arbitraire sur le\nsyst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [
{
"title": "Site internet d\u0027Oracle :",
"url": "http://www.oracle.com"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 d\u0027Oracle :",
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf"
}
],
"reference": "CERTA-2005-AVI-144",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s sur Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle",
"url": null
}
]
}
CERTA-2005-AVI-025
Vulnerability from certfr_avis - Published: - Updated:
Oracle is releasing a new security patch that includes security alert 68 (see advisory CERTA-2004-AVI-284) and adds coverage of additional flaws affecting servers only.
Description
About twenty flaws are listed in the vendor's advisory (all products combined) and addressed by the patch.
The CVE references covered in revision 3 of alert 68 are listed in the Documentation section.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Database Server | Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 and 9.0.4 |
| Oracle | N/A | Oracle E-Business Suite and Applications Release 11.0 |
| Oracle | Database Server | Oracle9i Database Server Release 2, versions 9.2.0.4, 9.2.0.5 and 9.2.0.6 |
| Oracle | N/A | Oracle9i Application Server Release 1, version 1.0.2.2 |
| Oracle | Database Server | Oracle8i Database Server Release 3, version 8.1.7.4 |
| Oracle | N/A | Oracle Application Server 10g (9.0.4), versions 9.0.4.0 and 9.0.4.1 |
| Oracle | N/A | Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3 and 10.1.0.3.1 |
| Oracle | N/A | Oracle E-Business Suite and Applications Release 11i (11.5) |
| Oracle | N/A | Oracle Application Server 10g Release 2 (10.1.2) |
| Oracle | N/A | Oracle Collaboration Suite Release 2, version 9.0.4.2 |
| Oracle | N/A | Oracle9i Application Server Release 2, versions 9.0.2.3 and 9.0.3.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 et 9.0.4 ;",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite and Applications Release 11.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle9i Database Server Release 2, versions 9.2.0.4, 9.2.0.5 et 9.2.0.6 ;",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle9i Application Server Release 1, version 1.0.2.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle8i Database Server Release 3, version 8.1.7.4 ;",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server 10g (9.0.4), versions 9.0.4.0 et 9.0.4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3 et 10.1.0.3.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite and Applications Release 11i (11.5) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server 10g Release 2 (10.1.2) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Collaboration Suite Release 2, version 9.0.4.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle9i Application Server Release 2, versions 9.0.2.3 et 9.0.3.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vingtaine de failles sont r\u00e9cens\u00e9es dans l\u0027avis de l\u0027\u00e9diteur (tous\nproduits confondus) et trait\u00e9es par le correctif.\n\nLes r\u00e9f\u00e9rences CVE prises en compte dans la r\u00e9vision 3 de l\u0027alerte 68\nsont list\u00e9es la section documentation.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [
{
"title": "Avis de s\u00e9curit\u00e9 CERTA-2004-AVI-284 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2004-AVI-284/index.html"
},
{
"title": "Alerte de s\u00e9curit\u00e9 #68 d\u0027Oracle :",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"title": "Oracle \u00abCritical Critical Patch Update\u00bb, r\u00e9vision 1 du 18 janvier 2005 :",
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf"
},
{
"title": "Alerte de l\u0027US-CERT du 1er septembre 2004 :",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
}
],
"reference": "CERTA-2005-AVI-025",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-01-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Oracle diffuse un nouveau correctif de s\u00e9curit\u00e9 incluant l\u0027alerte de\ns\u00e9curit\u00e9 68 (cf avis CERTA-2004-AVI-284) mais y ajoutant la prise en\ncompte de failles additionnelles affectant uniquement les serveurs.\n",
"title": "Correctif de s\u00e9curit\u00e9 cumulatif pour les produits Oracle",
"vendor_advisories": []
}
CERTA-2004-AVI-046
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability has been discovered in Oracle9i Application Server and Oracle9i Database Server that allows a malicious user to cause a denial of service on both systems.
Description
A vulnerability has been discovered in the parsing of SOAP (Simple Object Access Protocol) data in the Oracle applications Oracle9i Application Server and Oracle9i Database Server.
By sending a maliciously crafted SOAP request, a malicious user can cause a denial of service of the Oracle applications. The risk is higher for Oracle9i Application Server second edition version 9.2.0.1 and earlier, because SOAP authentication is disabled by default.
Solution
Apply the update corresponding to your version (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Database Server | Oracle9i Database Server second edition, version 9.2.0.2 |
| Oracle | N/A | Oracle9i Application Server second edition, versions 9.0.3.0 and 9.0.3.1 |
| N/A | N/A | Oracle9i Application Server second edition, version 9.0.2.1 and earlier versions |
| Oracle | N/A | Oracle9i Application Server first edition, version 1.0.2.2 |
| Oracle | Database Server | Oracle9i Database Server first edition, version 9.0.1.4 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle9i Database Server seconde \u00e9dition, version 9.2.0.2 ;",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle9i Application Server seconde \u00e9dition, versions 9.0.3.0 et 9.0.3.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle9i Application Server seconde \u00e9dition, version 9.0.2.1 et les versions ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Oracle9i Application Server premi\u00e8re \u00e9dition, version 1.0.2.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle9i Database Server premi\u00e8re \u00e9dition, version 9.0.1.4.",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans l\u0027analyse des donn\u00e9es SOAP\n(Simple Object Access Protocol) des applications Oracle : Oracle9i\nApplication Server et Oracle9i Database Server. \n \nUn utilisateur mal intentionn\u00e9 peut, en envoyant une requ\u00eate SOAP\nmalicieusement construite, r\u00e9aliser un d\u00e9ni de service des applications\nOracle. Le risque est plus important pour les versions Oracle9i\nApplication Server seconde \u00e9dition version 9.2.0.1 et ant\u00e9rieures car\nl\u0027authentification SOAP est d\u00e9sactiv\u00e9e par d\u00e9faut.\n\n## Solution\n\nAppliquer la mise \u00e0 jour correspondant \u00e0 votre version (cf. section\ndocumentation).\n",
"cves": [],
"links": [
{
"title": "Correctif Oracle :",
"url": "http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT\u0026p_id=259556.1"
}
],
"reference": "CERTA-2004-AVI-046",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2004-02-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte sur Oracle9i Application Server et\nOracle9i Database Server qui permet \u00e0 un utilisateur mal intentionn\u00e9 de\nr\u00e9aliser un d\u00e9ni de service sur ces deux syst\u00e8mes.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Oracle9i Application et Dabase Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Avis de s\u00e9curit\u00e9 65 d\u0027Oracle",
"url": "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf"
}
]
}
CERTA-2003-AVI-189
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability in Oracle 9i Database allows a malicious local user to execute arbitrary code with the privileges of the oracle user.
Description
Oracle 9i Database is Oracle's database management system.
A buffer overflow in the oracle and oracleO binaries allows a user of the system to execute arbitrary code with the privileges of the oracle user.
Temporary workaround
Remove the execute permission on both binaries for users who do not belong to the same group, using the following commands:
- cd $ORACLE_HOME/bin
- chmod o-x oracle oracleO
Solution
Apply the available patch (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Database Server | Oracle 9i Database Release 2, versions 9.0.x |
| Oracle | Database Server | Oracle 9i Database Release 2, versions 9.2.x |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle 9i Database Release 2, Versions 9.0.x ;",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle 9i Database Release 2, Versions 9.2.x ;",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nOracle 9i Database est le gestionnaire de base de donn\u00e9es d\u0027Oracle.\n\nUn d\u00e9bordement de m\u00e9moire pr\u00e9sent dans les binaires oracle et oracleO\npermet \u00e0 un utilisateur du syst\u00e8me d\u0027ex\u00e9cuter du code arbitraire avec\nles privil\u00e8ges de l\u0027utilisateur oracle.\n\n## Contournement provisoire\n\nSupprimer les droits d\u0027ex\u00e9cution des deux binaires pour les utilisateurs\nn\u0027appartenant pas au m\u00eame groupe \u00e0 l\u0027aide des commandes suivantes :\n\n- cd \\$ORACLE_HOME/bin \n- chmod o-x oracle oracleO\n\n## Solution\n\nAppliquer le correctif disponible (cf section documentation).\n",
"cves": [],
"links": [
{
"title": "Correctif disponible \u00e0 l\u0027adresse suivante avec le num\u00e9ro de correctif 3157063 :",
"url": "http://metalink.oracle.com"
}
],
"reference": "CERTA-2003-AVI-189",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2003-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire sur le syst\u00e8me local"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 sur Oracle 9i Database permet \u00e0 un utilisateur local\nmal intentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire avec les privil\u00e8ges de\nl\u0027utilisateur oracle.\n",
"title": "Vuln\u00e9rabilit\u00e9 sur Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Avis de s\u00e9curit\u00e9 59 d\u0027Oracle",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf"
}
]
}
CERTA-2003-AVI-122
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability has been discovered in the EXTPROC executable of Oracle Database.
Description
A buffer overflow vulnerability has been discovered in the EXTPROC executable of Oracle Database. A user who is authenticated to the database and holds the `CREATE LIBRARY` or `CREATE ANY LIBRARY` privilege can exploit this vulnerability to execute arbitrary code on the server.
Solution
Apply the patch provided by Oracle for the affected version (see Documentation).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Database Server | Oracle 8i |
| Oracle | Database Server | Oracle 9i Release 1 and 2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle 8i.",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle 9i Release 1 et 2 ;",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire a \u00e9t\u00e9 d\u00e9couverte dans\nl\u0027ex\u00e9cutable EXTPROC d\u0027Oracle Database. Un utilisateur authentifi\u00e9 \u00e0 la\nbase et poss\u00e9dant les privil\u00e8ges `CREATE LIBRARY` ou\n`CREATE ANY LIBRARY` peut exploiter cette vuln\u00e9rabilit\u00e9 afin d\u0027ex\u00e9cuter\ndu code arbitraire sur le serveur.\n\n## Solution\n\nAppliquer le correctif fourni par Oracle suivant la version affect\u00e9e\n(cf. Documentation).\n",
"cves": [],
"links": [],
"reference": "CERTA-2003-AVI-122",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2003-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans l\u0027ex\u00e9cutable EXTPROC d\u0027Oracle\nDatabase.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans EXTPROC d\u0027Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Alerte de s\u00e9curit\u00e9 #57 d\u0027Oracle",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf"
}
]
}