Oracle Database Server Core RDBMS Remote Denial of Service Vulnerability
Release date:
Updated on:
Affected Systems:
Oracle Core RDBMS 11.2.0.3
Oracle Core RDBMS 11.2.0.2
Oracle Core RDBMS 11.1.0.7
Oracle Core RDBMS 10.2.0.5
Oracle Core RDBMS 10.2.0.4
Oracle Core RDBMS 10.2.0.3
Oracle Core RDBMS 10.1.0.5
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 51453
CVE ID: CVE-2012-0082
Oracle Server is an object-relational database management system that provides open, comprehensive, and integrated information management. Each server consists of an Oracle database and an Oracle Server instance. It offers site autonomy and transparent data storage mechanisms.
Oracle Database Server contains a remote denial-of-service vulnerability in the Core RDBMS component. A remote authenticated attacker who holds the CREATE SESSION privilege can exploit it over the Oracle Net protocol. Affected versions: 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3.
<* Source: Oracle
Link: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Oracle
------
Oracle has released a security bulletin (cpujan2012-366304) and patches for this vulnerability:
cpujan2012-366304: Oracle Critical Patch Update Advisory - January 2012
Link: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
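
An exposure check for the conditions in the description, as an added example that is not part of the original advisory or Oracle's bulletin: the first query flags an instance running a listed release, the second lists unlocked accounts that hold CREATE SESSION directly, through a role, or through PUBLIC. It assumes a session with read access to V$INSTANCE and the DBA_* dictionary views.

```sql
-- Added example: exposure check for CVE-2012-0082 (run as a DBA account).
-- The release list below is copied from the advisory's "Affected Systems".

-- 1. Is this instance on a listed release?
--    V$INSTANCE.VERSION has five parts (e.g. 11.2.0.3.0) while the advisory
--    lists four-part releases, so the match is on the prefix. A match does
--    not show whether the January 2012 CPU has already been applied.
SELECT instance_name,
       version,
       CASE
         WHEN REGEXP_LIKE(version,
              '^(10\.1\.0\.5|10\.2\.0\.[345]|11\.1\.0\.7|11\.2\.0\.[23])(\.|$)')
         THEN 'LISTED RELEASE - confirm CPUJan2012 patch status'
         ELSE 'not in advisory list'
       END AS cve_2012_0082_status
FROM   v$instance;

-- 2. Which accounts meet the stated prerequisite (CREATE SESSION)?
--    "holders" collects every grantee of the privilege: direct grants,
--    plus users and roles that receive it through a chain of role grants.
WITH holders AS (
  SELECT grantee
  FROM   dba_sys_privs
  WHERE  privilege = 'CREATE SESSION'
  UNION
  SELECT grantee
  FROM   dba_role_privs
  START WITH granted_role IN (SELECT grantee
                              FROM   dba_sys_privs
                              WHERE  privilege = 'CREATE SESSION')
  CONNECT BY PRIOR grantee = granted_role
)
SELECT u.username,
       u.account_status,
       u.profile
FROM   dba_users u
WHERE  u.account_status NOT LIKE '%LOCKED%'   -- expired accounts can still log in
AND   (u.username IN (SELECT grantee FROM holders)
       -- a grant to PUBLIC gives the privilege to every account
       OR 'PUBLIC' IN (SELECT grantee FROM holders))
ORDER  BY u.username;
```

Accounts returned by the second query on a listed, unpatched release are the ones to review for least privilege while the vendor patch is scheduled.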