ALARM Group ALERT

Alert Number: 090204-01
Alert Date: 09/02/04
Alert Title: Vulnerabilities in Oracle Server Products
Update-to: None
OS/Platform/Application:
Oracle Database 10g Release 1, version 10.1.0.2
Oracle9i Database Server Release 2, versions 9.2.0.4 and 9.2.0.5
Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 and 9.0.4
Oracle8i Database Server Release 3, version 8.1.7.4
Oracle Enterprise Manager Grid Control 10g, version 10.1.0.2
Oracle Enterprise Manager Database Control 10g, version 10.1.0.2
Oracle Application Server 10g (9.0.4), versions 9.0.4.0 and 9.0.4.1
Oracle9i Application Server Release 2, versions 9.0.2.3 and 9.0.3.1
Oracle9i Application Server Release 1, version 1.0.2.2
Category: ALERT
Severity: HIGH
Attention: System Administrators, Database Administrators
Summary: Vulnerabilities exist in the Oracle software listed above. In some cases, these vulnerabilities could be exploited remotely, without the attacker needing a valid user account. Older, unsupported versions of Oracle software are also likely vulnerable.
Recommended Actions: Apply patches supplied by Oracle.
ITS Actions: At this time, ITS is taking no campus-wide actions other than those necessary to secure Oracle database servers which are under its direct control.
Resources:
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
http://www.us-cert.gov/cas/techalerts/TA04-245A.html
http://www.kb.cert.org/vuls/id/316206
http://www.kb.cert.org/vuls/id/435974
http://www.kb.cert.org/vuls/id/170830
NOTE: PLEASE DO NOT REPLY TO THIS ALERT. Alerts distributed by ALARM are not intended to supplant whatever security measures you are currently following. Technology coordinators, as well as the entire UAlbany computing community, should continue to take all necessary precautions against threats to system security and information integrity.