Signature Detail

DB: Oracle DBMS CDC/AQJM Unsafe Function

This signature detects attempts to exploit a known vulnerability in the Oracle database. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the daemon.

Extended Description

Oracle has released its critical patch update for April 2008. The advisory addresses 41 vulnerabilities affecting Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Enterprise Manager, Oracle PeopleSoft Enterprise, and Oracle Siebel SimBuilder. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly compromise affected computers.

Affected Products

• HP Oracle for OpenView 10g
• HP Oracle for OpenView 10gR2
• HP Oracle for OpenView 8.1.7
• HP Oracle for OpenView 9.1.01
• HP Oracle for OpenView 9.2
• HP Oracle for OpenView 9.2.0
• Oracle Collaboration Suite 10g 10.1.2
• Oracle E-Business Suite 11i 11.5.10
• Oracle E-Business Suite 11i 11.5.10 CU2
• Oracle E-Business Suite 11i 11.5.9
• Oracle E-Business Suite 12 12.0.0
• Oracle E-Business Suite 12 12.0.1
• Oracle E-Business Suite 12 12.0.2
• Oracle E-Business Suite 12 12.0.3
• Oracle E-Business Suite 12 12.0.4
• Oracle Oracle10g Application Server 10.1.2 .0.2
• Oracle Oracle10g Application Server 10.1.2 .1.0
• Oracle Oracle10g Application Server 10.1.2 .2.0
• Oracle Oracle10g Application Server 10.1.3 .1.0
• Oracle Oracle10g Application Server 10.1.3 .3.0
• Oracle Oracle10g Application Server 9.0.4 3
• Oracle Oracle10g Enterprise Edition 10.1.0 .5
• Oracle Oracle10g Enterprise Edition 10.2.0 .2
• Oracle Oracle10g Enterprise Edition 10.2.0.2 64 bit
• Oracle Oracle10g Enterprise Edition 10.2.0 .3
• Oracle Oracle10g Personal Edition 10.1.0.5
• Oracle Oracle10g Personal Edition 10.2.0 .2
• Oracle Oracle10g Personal Edition 10.2.0 .3
• Oracle Oracle10g Standard Edition 10.1.0 .5
• Oracle Oracle10g Standard Edition 10.2.0 .2
• Oracle Oracle10g Standard Edition 10.2.0 .3
• Oracle Oracle11g Enterprise Edition 11.1.0 6
• Oracle Oracle11g Standard Edition 11.1.0 6
• Oracle Oracle11g Standard Edition One 11.1.0 6
• Oracle Oracle9i Enterprise Edition 9.2.0.8.0
• Oracle Oracle9i Enterprise Edition 9.2.0 .8DV
• Oracle Oracle9i Personal Edition 9.2.0 .8
• Oracle Oracle9i Personal Edition 9.2.0 .8DV
• Oracle Oracle9i Standard Edition 9.2.0.8
• Oracle Oracle9i Standard Edition 9.2.0 .8DV
• Oracle PeopleSoft Enterprise Human Capital Management 8.8 SP1
• Oracle PeopleSoft Enterprise Human Capital Management 8.9
• Oracle PeopleSoft Enterprise Human Capital Management 9.0
• Oracle PeopleSoft Enterprise PeopleTools 8.22.19
• Oracle PeopleSoft Enterprise PeopleTools 8.48.16
• Oracle PeopleSoft Enterprise PeopleTools 8.49.09
• Oracle Siebel SimBuilder 7.8.2
• Oracle Siebel SimBuilder 7.8.5

References

• BugTraq: 28725
• CVE: CVE-2008-1811
• URL: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html