Date: Wed Oct 19 21:19:31 2005
From: ipatches at hushmail.com (ipatches@...hmail.com)
Subject: Vulnerabilities in Oracle E-Business Suite
	11i-Critical Patch Update October 2005

XXXXXXXXX Security wrote:

> XXXXXXXXX Security Advisory
> 
> ______________________________________________________________________
>  
> Vulnerabilities in Oracle E-Business Suite 11i Oracle 
> Critical Patch Update - October 2005 October 18, 2005 
> 
> ______________________________________________________________________
>  
> Summary:
> 
> Oracle today released its fourth Critical Patch Update
> (October 2005).  The patches contained in the Critical Patch
> Update will correct
> numerous security bugs in the Oracle Database, Oracle 
> Application Server, and Oracle E-Business Suite.  Some of the 
> vulnerabilities in the Critical Patch Update are high risk 
> and a few can be exploited remotely using a web browser.
> 
> Almost all the security bugs fixed in this Critical Patch 
> Update are exploitable in Oracle E-Business Suite 
> environments and the appropriate patches should be applied as 
> soon as possible.  Patches for the Oracle Database, Oracle 
> Application Server, Oracle Developer 6i, and Oracle 
> E-Business Suite 11i must be applied -- almost all 
> implementations will have to apply at least 12 patches.  
> Customers with Internet-facing implementations of the Oracle 
> E-Business Suite are at most risk and should consider 
> applying these patches quickly.
> 
> The Oracle E-Business Suite patches involved with this 
> Critical Patch Update are much more complex as compared to 
> the previous CPUs and will require additional functional 
> testing in our opinion.  In addition, the Oracle E-Business 
> Suite security patches are not cumulative, therefore, all the 
> patches specified in this CPU and previous CPUs must be applied. 
> 
> XXXXXXXXX has released additional guidance to help our 
> clients in determining the relevance and priority of these 
> patches for their Oracle E-Business Suite implementations.  
> The XXXXXXXXX analysis for this Critical Patch Update is
> available at --
> 
> http://www.XXXXXXXXX.com/analysis.htm
> 
> 
> ______________________________________________________________________
>  
> For more information or questions regarding this security 
> advisory, please contact us at alerts@...XXXXXX.com.
>  
> XXXXXXXXX has included checks for these vulnerabilities in 
> AppSentry, a vulnerability scanner for Oracle Applications, 
> and AppDefend, an application intrusion prevention system for 
> Oracle Applications.
>  
> Credit:
>  
> Some of the vulnerabilities fixed in the Critical Patch 
> Update October 2005 were discovered and reported to Oracle by 
> Stephen Kost of XXXXXXXXX Corporation.
> 
> ______________________________________________________________________
>  
> About XXXXXXXXX Corporation (www.XXXXXXXXX.com)
>  
> XXXXXXXXX Corporation is a leader in application security for 
> large enterprise, mission critical applications. Our 
> application vulnerability assessment tool, AppSentry, assists 
> companies in securing their largest and most important 
> applications. AppDefend is an intrusion prevention system for 
> Oracle Applications and blocks common types of attacks 
> against application servers. XXXXXXXXX Consulting offers 
> security assessment services for leading ERP and CRM 
> applications.
>  
> For more information, visit www.XXXXXXXXX.com.

I think this is a very bad advisory. There is no detail and I was
watching for the company name 12 times. Stephen Kost only gets credit
as "Some of the vulnerabilities fixed in the Critical Patch Update
October 2005 were discovered and reported to Oracle by Stephen Kost
of XXXXXXXXX Corporation". I think Stephen Kost should discover a
better company for security work. This company contributes
nothing to the discussion. Thank you, but no advertisement on
Fulldisclosure please!


