|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
Oracle Database: several vulnerabilities of July 2010
Synthesis of the vulnerability
Several vulnerabilities of Oracle Database are corrected by the CPU of July 2010.
Impacted products: Oracle DB, Oracle Net Services, SQL*Net.
Severity of this bulletin: 3/4.
Consequences of an intrusion: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Hacker's origin: user account.
Number of vulnerabilities in this bulletin: 6.
Creation date: 15/07/2010.
Références of this threat: BID-41621, BID-41624, BID-41635, BID-41639, BID-41643, cpujul2010, CVE-2010-0892, CVE-2010-0900, CVE-2010-0901, CVE-2010-0902, CVE-2010-0903, CVE-2010-0911, VIGILANCE-VUL-9759.
Description of the vulnerability
The CPU (Critical Patch Update) of July 2010 corrects several vulnerabilities of Oracle Database. Oracle's announce contains a detailed table, summarized below.
An attacker can use a vulnerability of Listener, in order to create a denial of service. [severity:3/4; BID-41624, CVE-2010-0911]
An attacker can use a vulnerability of Net Foundation Layer, in order to create a denial of service. [severity:3/4; BID-41639, CVE-2010-0903]
An attacker can use a vulnerability of Oracle OLAP, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-41643, CVE-2010-0902]
An attacker can use a vulnerability of Application Express, in order to alter information. [severity:2/4; BID-41621, CVE-2010-0892]
An attacker can use a vulnerability of Network Layer, in order to create a denial of service. [severity:1/4; CVE-2010-0900]
An attacker can use a vulnerability of Export, in order to obtain information. [severity:1/4; BID-41635, CVE-2010-0901]
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a computers vulnerabilities note. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.