The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability CVE-2012-1737 CVE-2012-1745 CVE-2012-1746

Oracle Database: several vulnerabilities of July 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Database are corrected by the CPU of July 2012.
Impacted products: Oracle DB, SQL*Net, SLES.
Severity of this bulletin: 3/4.
Consequences of an intrusion: user access/rights, data reading, data creation/edition, denial of service on service.
Hacker's origin: user account.
Number of vulnerabilities in this bulletin: 5.
Creation date: 18/07/2012.
Références of this threat: BID-54496, BID-54501, BID-54507, BID-54518, BID-54569, CERTA-2012-AVI-393, cpujul2012, CVE-2012-1737, CVE-2012-1745, CVE-2012-1746, CVE-2012-1747, CVE-2012-3134, SUSE-SU-2012:1020-1, VIGILANCE-VUL-11775.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Database.

An attacker can use SQL injections in DB Performance Advisories/UIs, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54569, CVE-2012-1737]

An attacker can use a vulnerability of Oracle NET, in order to create a denial of service. [severity:2/4; BID-54501, CVE-2012-1745]

An attacker can use a vulnerability of Oracle NET, in order to create a denial of service. [severity:2/4; BID-54507, CVE-2012-1746]

An attacker can use a vulnerability of Oracle NET, in order to create a denial of service. [severity:2/4; BID-54518, CVE-2012-1747]

An attacker can use a vulnerability of Core RDBMS, in order to create a denial of service. [severity:2/4; BID-54496, CVE-2012-3134]
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a networks vulnerabilities announce. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.