Remote unauthorized access to the Database Vault Component of the Oracle Database Server

Release date:
Updated on:

Affected Systems:
Oracle Oracle10g Enterprise Edition 10.2.5
Oracle Oracle10g Enterprise Edition 10.2.3
Oracle Oracle10g Enterprise Edition 10.2.0.4
Oracle Oracle10g Personal Edition 10.2.5
Oracle Oracle10g Personal Edition 10.2.3
Oracle Oracle10g Personal Edition 10.2.0.4
Oracle Oracle10g Standard Edition
Oracle Oracle11g Enterprise Edition 11.x
Oracle Oracle11g Standard Edition
Oracle Oracle11g Standard Edition 11.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 47432, 47436
Cve id: CVE-2011-0804, CVE-2011-0793

Oracle Database Vault is a Database security product of Oracle.

The implementation of the Database Vault Component of Oracle Database Server has a vulnerability that can be exploited through the Oracle Net protocol. Remote attackers may exploit this vulnerability to obtain unauthorized access. Attackers need the Valid Account permission to launch attacks.

<* Source: Oracle
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Oracle
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.oracle.com/technetwork/topics/security/