Oracle Jinitiator 1.1.8 Buffer Overflow Vulnerability Analysis
US-CERT released an advisory on August 28, 2007 regarding multiple stack buffer overflows in the Oracle Jinitiator product (Vulnerability Note VU#474433/CVE-2007-4467). Due to limited public technical information on Jinitiator, no access to the Oracle support website, and possibly a lack of cooperation from Oracle itself, the information released by US-CERT is incomplete as to the true scope of vulnerable Jinitiator versions, does not identify all vulnerable Jinitiator installs, and offers only limited remediation steps. This analysis provides information on the true scope of affected Jinitiator versions, comprehensive and recommended remediation steps, and an overview of the risks associated with this vulnerability. Its objective is to assist IT security professionals, IT managers, and database administrators in assessing the impact on their Oracle Forms implementations and the risks associated with this vulnerability, especially since Jinitiator is deployed in many large organizations and as part of mission-critical applications like the Oracle E-Business Suite, Oracle Clinical, and SunGard Banner.