Remote vulnerability in Oracle Database Server Warehouse Builder

Release date:
Updated on:

Affected Systems:
Oracle Oracle10g Enterprise Edition 10.2.5
Oracle Oracle10g Enterprise Edition 10.2.3
Oracle Oracle10g Enterprise Edition 10.2.0.4
Oracle Oracle10g Personal Edition 10.2.5
Oracle Oracle10g Personal Edition 10.2.3
Oracle Oracle10g Personal Edition 10.2.0.4
Oracle Oracle10g Standard Edition
Oracle Oracle11g Standard Edition
Description:
--------------------------------------------------------------------------------
Bugtraq id: 47429,47431
Cve id: CVE-2011-0792, CVE-2011-0799

Oracle Warehouse Builder (OWB) is a comprehensive Oracle tool that provides ETL (extraction, conversion, and loading), fully integrated relationship and dimensional modeling, data quality, and data auditing, and manage the entire lifecycle of data and metadata.

The Oracle Warehouse Builder Component of Oracle Database Server has a remote implementation vulnerability that can be exploited through the Oracle Net protocol, resulting in full control of the affected system.

Attackers need the dimen1_data Modeling permission to launch attacks.

<* Source: Oracle
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Oracle
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.oracle.com/technetwork/topics/security/