Alex has produced a detailed analysis of the Jan 2006 CPU
January 22nd, 2006 by Pete
Alex has created a great analysis of the January 2006 Critical Patch Update (CPU Jan 2006). The page is titled "Details Oracle Critical Patch Update January 2006 - V1.06". The paper details all of the packages and functions/procedures that are vulnerable, along with the affected parameters where relevant. This section includes a lot of detailed information. The next section includes a mapping of security vulnerabilities in Oracle features and components. Then there is a section mapping Oracle vulnerability numbers to vulnerability types and affected versions. Alex also details the very simple password checker released with this patch, which is intended to be used to check for the default users that are mentioned in the recent Oracle worm. A much better default password checker is available on this site that checks for a much larger list of accounts.
Alex has advised me that this is a living document and will be updated as new information becomes available.


