Re: Silently fixed security bugs in Oracle Critical Patch Update July 2005

To: <ak@xxxxxxxxxxxxxxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: Silently fixed security bugs in Oracle Critical Patch Update July 2005
From: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>
Date: Fri, 15 Jul 2005 18:17:25 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20050715065642.1336.qmail@xxxxxxxxxxxxxxxxx>

Hi Alex and all,

After reading the patch documentation and some tests with the CPU July2005 I found out that Oracle fixed some security bugs silently withoutmention these bugs in their current risk matrix.
Detailed information about most of these bugs are not available viaMetalink but in many cases the description is sufficient for a maliciousattacker(e.g. "/DAV_PUBLIC IS NOT PROTECTED BY DEFAULT ENABLING MALITIOUS USER TOFILL IT UP")
For Mod_Oradav 9.0.2.3:
2576249 - /DAV_PUBLIC IS NOT PROTECTED BY DEFAULT ENABLING MALITIOUS USERTO FILL IT UP
2544464 - ORAALTPASSWORD SHOULD BE ENCRYPTED AND NOT JUST OBFUSCATED

I don't think this one was silently fixed - seehttp://www.securitytracker.com/alerts/2003/Feb/1006098.html


Cheers,
David Litchfield
NGSSoftware Ltd
http://www.ngssoftware.com/

References:
- Silently fixed security bugs in Oracle Critical Patch Update July 2005
  - From: ak

Prev by Date: Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2
Next by Date: [ GLSA 200507-16 ] dhcpcd: Denial of Service vulnerability
Previous by thread: Silently fixed security bugs in Oracle Critical Patch Update July 2005
Next by thread: Compromising pictures of Microsoft Internet Explorer!
Index(es):
- Date
- Thread