Security Analysis

Oracle Critical Patch Update - April 2008 - E-Business Suite Impact
An analysis of the impact on Oracle E-Business Suite implementations of the April 2008 Oracle Critical Patch Update. Each analysis includes information on the vulnerabilities disclosed by Oracle, a review of the patches, and suggestions on when and how to apply the patches.
Oracle Critical Patch Update - April 2008 - Version Support Matrix
The product versions supported by Oracle’s Critical Patch Updates (CPU) are a subset of the certified versions, thus a certified version may not be supported by the latest CPU. This document highlights the differences between certified versions and April 2008 CPU supported versions.
Oracle Critical Patch Update - January 2008 - E-Business Suite Impact
An analysis of the impact on Oracle E-Business Suite implementations of the January 2008 Oracle Critical Patch Update. Each analysis includes information on the vulnerabilities disclosed by Oracle, a review of the patches, and suggestions on when and how to apply the patches.
Oracle Critical Patch Update - January 2008 - Version Support Matrix
The product versions supported by Oracle’s Critical Patch Updates (CPU) are a subset of the certified versions, thus a certified version may not be supported by the latest CPU. This document highlights the differences between certified versions and January 2008 CPU supported versions.
Oracle Critical Patch Update - October 2007 - E-Business Suite Impact
An analysis of the impact on Oracle E-Business Suite implementations of the October 2007 Oracle Critical Patch Update. Each analysis includes information on the vulnerabilities disclosed by Oracle, a review of the patches, and suggestions on when and how to apply the patches.
Oracle Critical Patch Update - October 2007 - Version Support Matrix
The product versions supported by Oracle’s Critical Patch Updates (CPU) are a subset of the certified versions, thus a certified version may not be supported by the latest CPU. This document highlights the differences between certified versions and October 2007 CPU supported versions.
Oracle Jinitiator 1.1.8 Buffer Overflow Vulnerability Analysis
US-CERT released an advisory on August 28, 2007 regarding multiple stack buffer overflows in the Oracle Jinitiator product (Vulnerability Note VU#474433/CVE-2007-4467). Due to limited public technical information on Jinitiator, no access to the Oracle support website, and possibly a lack of cooperation from Oracle itself, the information released by US-CERT is incomplete as to the true scope of vulnerable Jinitiator versions, does not identify all vulnerable Jinitiator installs, and offers only limited remediation steps. This analysis provides information on the true scope of affected Jinitiator versions, comprehensive and recommended remediation steps, and an overview of the risks associated with this vulnerability. The objective of this analysis is to assist IT security professionals, IT managers, and database administrators in assessing the impact on their Oracle Forms implementations and the risks associated with this vulnerability, especially since Jinitiator is deployed in many large organizations and as part of mission-critical applications like the Oracle E-Business Suite, Oracle Clinical, and SunGard Banner.
Oracle Critical Patch Update - July 2007 - E-Business Suite Impact
An analysis of the impact on Oracle E-Business Suite implementations of the July 2007 Oracle Critical Patch Update. Each analysis includes information on the vulnerabilities disclosed by Oracle, a review of the patches, and suggestions on when and how to apply the patches.
Oracle Critical Patch Update - July 2007 - Version Support Matrix
The product versions supported by Oracle’s Critical Patch Updates (CPU) are a subset of the certified versions, thus a certified version may not be supported by the latest CPU. This document highlights the differences between certified versions and July 2007 CPU supported versions.
Oracle Critical Patch Update - April 2007 - E-Business Suite Impact
An analysis of the impact on Oracle E-Business Suite implementations of the April 2007 Oracle Critical Patch Update. Each analysis includes information on the vulnerabilities disclosed by Oracle, a review of the patches, and suggestions on when and how to apply the patches.
Oracle Critical Patch Update - April 2007 - Version Support Matrix
The product versions supported by Oracle’s Critical Patch Updates (CPU) are a subset of the certified versions, thus a certified version may not be supported by the latest CPU. This document highlights the differences between certified versions and April 2007 CPU supported versions.
Oracle Critical Patch Update - January 2007 - E-Business Suite Impact
An analysis of the impact on Oracle E-Business Suite implementations of the January 2007 Oracle Critical Patch Update. Each analysis includes information on the vulnerabilities disclosed by Oracle, a review of the patches, and suggestions on when and how to apply the patches.
Oracle Critical Patch Update - January 2007 - E-Business Suite Tech Stack Matrix
The supported technology stack versions required by Oracle’s Critical Patch Updates (CPU) may be different from the certified technology stack versions, thus a certified technology stack component version may not be supported by the latest CPU. This document highlights the differences between certified versions and CPU January 2007 required versions.
Spoofing Oracle Session Information
Oracle Database session information includes database user name, operating system user name, host, terminal, IP address, module, program, timestamps, session ID, and other details. These values are critical to auditing and identifying the actual end-user. Many of the database session values can be “spoofed” by an attacker either to mask the true identity or to circumvent security and auditing measures. This paper looks at four common stores and uses of database session information related to security and auditing: (1) V$SESSION view, (2) SYS_CONTEXT function, (3) Database Session Auditing, and (4) Fine Grained Auditing (FGA). The V$SESSION view contains one row per current database session. The SYS_CONTEXT function returns information regarding the current database session and is often used with database logon triggers. Database session auditing (AUDIT SESSION;) records all database logons and logoffs. Fine Grained Auditing is used to audit SQL statements executed for specific database objects and can be configured based on columns or other criteria.
Oracle Critical Patch Update - October 2006 - E-Business Suite Impact
An analysis of the impact on Oracle E-Business Suite implementations of each Oracle Critical Patch Update. Each analysis includes information on the vulnerabilities disclosed by Oracle, a review of the patches, and suggestions on when and how to apply the patches.
Oracle Critical Patch Update - October 2006 - E-Business Suite Tech Stack Matrix
The supported technology stack versions required by Oracle’s Critical Patch Updates (CPU) may be different from the certified technology stack versions, thus a certified technology stack component version may not be supported by the latest CPU. This document highlights the differences between certified versions and CPU July 2006 required versions.
Un-patched Oracle Database Bugs - E-Business Suite Impact
There are three major un-patched Oracle Database security bugs, and they have varying impact on the Oracle E-Business Suite 11i. The DBMS_ASSERT bypass issues can be readily exploited in Oracle Applications using the APPLSYSPUB database account. The view security bypass vulnerability should be of critical concern for all implementations that allow direct SQL access through shared database accounts. Finally, the integer overflow in the Alter Session statement can be exploited, but successful exploitation requires knowledge of buffer overflows.
Oracle Critical Patch Update - July 2006 - E-Business Suite Tech Stack Matrix
The supported technology stack versions required by Oracle’s Critical Patch Updates (CPU) may be different from the certified technology stack versions, thus a certified technology stack component version may not be supported by the latest CPU. This document highlights the differences between certified versions and CPU July 2006 required versions.
Oracle Critical Patch Update - April 2006 - E-Business Suite Impact
An analysis of the impact on Oracle E-Business Suite implementations of each Oracle Critical Patch Update. Each analysis includes information on the vulnerabilities disclosed by Oracle, a review of the patches, and suggestions on when and how to apply the patches.
Oracle Diagnostics 2.3 Security Patch - E-Business Suite Impact
Oracle Corporation released the “Diagnostics Support Pack February 2006 with Oracle Diagnostics 2.3 RUP A” on February 23, 2006, which is an upgrade to the Oracle E-Business Suite diagnostics and includes a number of security fixes. Due to the number of security fixes included in this patch, Oracle is advising customers to apply it; these security fixes will also be included in the next quarterly Critical Patch Update (April 18, 2006).