The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability note CVE-2010-0892 CVE-2010-0900 CVE-2010-0901

Oracle Database: several vulnerabilities of July 2010

Synthesis of the vulnerability

Several vulnerabilities of Oracle Database are corrected by the CPU of July 2010.
Impacted products: Oracle DB, Oracle Net Services, SQL*Net.
Severity of this bulletin: 3/4.
Consequences of an intrusion: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Hacker's origin: user account.
Number of vulnerabilities in this bulletin: 6.
Creation date: 15/07/2010.
Références of this threat: BID-41621, BID-41624, BID-41635, BID-41639, BID-41643, cpujul2010, CVE-2010-0892, CVE-2010-0900, CVE-2010-0901, CVE-2010-0902, CVE-2010-0903, CVE-2010-0911, VIGILANCE-VUL-9759.

Description of the vulnerability

The CPU (Critical Patch Update) of July 2010 corrects several vulnerabilities of Oracle Database. Oracle's announce contains a detailed table, summarized below.

An attacker can use a vulnerability of Listener, in order to create a denial of service. [severity:3/4; BID-41624, CVE-2010-0911]

An attacker can use a vulnerability of Net Foundation Layer, in order to create a denial of service. [severity:3/4; BID-41639, CVE-2010-0903]

An attacker can use a vulnerability of Oracle OLAP, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-41643, CVE-2010-0902]

An attacker can use a vulnerability of Application Express, in order to alter information. [severity:2/4; BID-41621, CVE-2010-0892]

An attacker can use a vulnerability of Network Layer, in order to create a denial of service. [severity:1/4; CVE-2010-0900]

An attacker can use a vulnerability of Export, in order to obtain information. [severity:1/4; BID-41635, CVE-2010-0901]
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a computers vulnerabilities note. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.