Oracle E-Business Multiple Vulnerabilities (October 2016 CPU)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

A web application installed on the remote host is affected by multiple
vulnerabilities.

Description :

The version of Oracle E-Business installed on the remote host is
missing the October 2016 Oracle Critical Patch Update (CPU). It is,
therefore, affected by multiple vulnerabilities :

- A heap buffer overflow condition exists in the OpenSSL
subcomponent in the EVP_EncodeUpdate() function within
file crypto/evp/encode.c that is triggered when handling
a large amount of input data. An unauthenticated, remote
attacker can exploit this to cause a denial of service
condition. (CVE-2016-2105)

- A heap buffer overflow condition exists in the OpenSSL
subcomponent in the EVP_EncryptUpdate() function within
file crypto/evp/evp_enc.c that is triggered when
handling a large amount of input data after a previous
call occurs to the same function with a partial block.
An unauthenticated, remote attacker can exploit this to
cause a denial of service condition. (CVE-2016-2106)

- Multiple flaws exist in the OpenSSL subcomponent in the
aesni_cbc_hmac_sha1_cipher() function in file
crypto/evp/e_aes_cbc_hmac_sha1.c and the
aesni_cbc_hmac_sha256_cipher() function in file
crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered
when the connection uses an AES-CBC cipher and AES-NI
is supported by the server. A man-in-the-middle attacker
can exploit these to conduct a padding oracle attack,
resulting in the ability to decrypt the network traffic.
(CVE-2016-2107)

- Multiple unspecified flaws exist in the OpenSSL
subcomponent in the d2i BIO functions when reading ASN.1
data from a BIO due to invalid encoding causing a large
allocation of memory. An unauthenticated, remote
attacker can exploit these to cause a denial of service
condition through resource exhaustion. (CVE-2016-2109)

- An out-of-bounds read error exists in the OpenSSL
subcomponent in the X509_NAME_oneline() function within
file crypto/x509/x509_obj.c when handling very long ASN.1
strings. An unauthenticated, remote attacker can exploit
this to disclose the contents of stack memory.
(CVE-2016-2176)

- An unspecified flaw exists in the Runtime Catalog
subcomponent in the iStore component that allows an
unauthenticated, remote attacker to impact
confidentiality and integrity. (CVE-2016-5489)

- An unspecified flaw exists in the AD Utilities
subcomponent in the Applications DBA component that
allows a local attacker to disclose sensitive
information. (CVE-2016-5517)

- An unspecified flaw exists in the Workflow Events
subcomponent in the Shipping Execution component that
allows an unauthenticated, remote attacker to disclose
sensitive information. (CVE-2016-5532)

- An unspecified flaw exists in the Price Book
subcomponent in the Advanced Pricing component that
allows an unauthenticated, remote attacker to impact
confidentiality and integrity. (CVE-2016-5557)

- An unspecified flaw exists in the Requisition Management
subcomponent in the iProcurement component that allows
an unauthenticated, remote attacker to impact
confidentiality and integrity. (CVE-2016-5562)

- Multiple unspecified flaws exist in the AD Utilities
subcomponent in the DBA component that allow an
authenticated, remote attacker to impact confidentiality
and integrity. (CVE-2016-5567, CVE-2016-5570,
CVE-2016-5571)

- An unspecified flaw exists in the Resources Module
subcomponent in the Common Applications Calendar
component that allows an unauthenticated, remote
attacker to disclose sensitive information.
(CVE-2016-5575)

- An unspecified flaw exists in the Candidate Self Service
subcomponent in the iRecruitment component that allows a
local attacker to gain elevated privileges.
(CVE-2016-5581)

- An unspecified flaw exists in the File Upload
subcomponent in the One-to-One Fulfillment component
that allows an unauthenticated, remote attacker to
impact integrity. (CVE-2016-5583)

- An unspecified flaw exists in the Select Application
Dependencies subcomponent in the Interaction Center
Intelligence component that allows an unauthenticated,
remote attacker to impact confidentiality and integrity.
(CVE-2016-5585)

- An unspecified flaw exists in the Dispatch/Service Call
Requests subcomponent in the Email Center component that
allows an unauthenticated, remote attacker to impact
confidentiality and integrity. (CVE-2016-5586)

- Multiple unspecified flaws exist in the Outcome-Result
subcomponent in the Customer Interaction History
component that allow an unauthenticated, remote
attacker to impact confidentiality and integrity.
(CVE-2016-5587, CVE-2016-5591, CVE-2016-5593)

- An unspecified flaw exists in the Responsibility
Management subcomponent in the CRM Technical Foundation
component that allows an unauthenticated, remote
attacker to impact confidentiality and integrity.
(CVE-2016-5589)

- Multiple unspecified flaws exist in the Result-Reason
subcomponent in the Customer Interaction History
component that allow an unauthenticated, remote attacker
to impact confidentiality and integrity. (CVE-2016-5592,
CVE-2016-5595)

- An unspecified flaw exists in the Default Responsibility
subcomponent in the CRM Technical Foundation component
that allows an unauthenticated, remote attacker to
disclose sensitive information. (CVE-2016-5596)

See also :

http://www.nessus.org/u?bac902d5

Solution :

Apply the appropriate patch according to the October 2016 Oracle
Critical Patch Update advisory.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N)
CVSS Temporal Score : 6.7
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true