Oracle Multiple Vulnerabilities

Systems Affected:

* Oracle Database 11g, version 11.1.0.6
* Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3, and 10.2.0.4
* Oracle Database 10g, version 10.1.0.5
* Oracle Database 9i Release 2, versions 9.2.0.8 and 9.2.0.8DV
* Oracle Secure Backup, versions 10.1.0.1, 10.1.0.2, 10.1.0.3, 10.2.0.2, and 10.2.0.3
* Oracle TimesTen In-Memory Database, versions 7.0.5.1.0, 7.0.5.2.0, 7.0.5.3.0, and 7.0.5.4.0
* Oracle Application Server 10g Release 3 (10.1.3), version 10.1.3.3.0
* Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.2.0 and 10.1.2.3.0
* Oracle Collaboration Suite 10g, version 10.1.2
* Oracle E-Business Suite Release 12, version 12.0.6
* Oracle E-Business Suite Release 11i, version 11.5.10.2
* Oracle Enterprise Manager Grid Control 10g Release 4, version 10.2.0.4
* PeopleSoft Enterprise HRMS, versions 8.9 and 9.0
* JD Edwards Tools, version 8.97
* Oracle WebLogic Server (formerly BEA WebLogic Server) 10.0, released through MP1, 10.3 GA
* Oracle WebLogic Server (formerly BEA WebLogic Server) 9.0 GA, 9.1 GA, 9.2 released through MP3
* Oracle WebLogic Server (formerly BEA WebLogic Server) 8.1, released through SP6
* Oracle WebLogic Server (formerly BEA WebLogic Server) 7.0, released through SP7
* Oracle WebLogic Portal (formerly BEA WebLogic Portal) 10.0, released through MP1, 10.2 GA, 10.3 GA
* Oracle WebLogic Portal (formerly BEA WebLogic Portal) 9.2, released through MP3
* Oracle WebLogic Portal (formerly BEA WebLogic Portal) 8.1, released through SP6

For more information regarding affected product versions, please see the Oracle Critical Patch Update - January 2009. 

Overview

Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

I. Description

The Oracle Critical Patch Update - January 2009 addresses 41 vulnerabilities in different Oracle products and components. The document provides information about affected components, access and authorization required, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.

 

Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.  

II. Impact

The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers.

An attacker who compromises an Oracle database may be able to access sensitive information. 

III. Solution

Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update - January 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.

IV. References

* Oracle Critical Patch Update for January 2009 - <http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html>

* Critical Patch Updates and Security Alerts - <http://www.oracle.com/technology/deploy/security/alerts.htm>

* Map of Public Vulnerability to Advisory/Alert - <http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html>

Litratong Pinoy 41: Blue

The seas of Batanes

I grew up right by the sea, so I am captivated whenever I see a view like this. I remember that when I was still small, I would watch the fishermen head out to sea in their boats every morning. And at night, from my room, I could hear the waves crashing against the rocks. Too good to be true, but it is true.

You could say I have come a long way, since I am now in Manila. But how can the city's giant malls and buildings compare with the white sand and wide sea I grew up with? Even though there was not much TV or chocolate to feast on while growing up, that seeming paradise I was raised in is etched in my mind.

Two years have passed since I last found my way back to our province. There still has not been much change, apart from a few foreigners who go diving there. And during my visit, the prayer was still there that someday I would again live in the house by the seaside, where my world would once more be colored green, blue, yellow and white. And above all of these… blue!

Visa Waiver Program: have ESTA, will travel

If you’re a Filipino hard put to get a visa at the US Embassy, this is not for you. But in case you’re still interested, read on -

Citizens of countries under the US Visa Waiver Program will now have to make an extra effort to enter the US. This is made possible with the Electronic System for Travel Authorization implemented last January 12 by the US Department of Homeland Security (DHS). Prospective passengers are now required to apply online for travel authorization at least 72 hours before their trip.

The ESTA website asks travellers to input their personal data, such as those contained in their passport, and their flight numbers. This is then matched to the DHS database. If the applicant is rejected under the online system (by reason, perhaps, of being on the terrorist watch list or a previous record), he/she is enjoined to apply for a US visa in the nearest embassy.

Related post:

http://www.annalyn.net/2008/08/25/countries-which-dont-need-a-us-visa-the-visa-waiver-program/#comments

Giving ammo to drug syndicates

Related stories: Marcelino appointment covered by AFP regulation; Blame Arroyo for Marcelino appointment

Only in the Philippines.

Imagine a justice secretary giving drug syndicates ammunition to use against law enforcers. The drug lords must be rejoicing.

In his anger towards Maj. Ferdinand Marcelino, who dared talk back to him at a hearing in the House of Representatives, Justice Secretary Raul Gonzalez said the Marine officer’s secondment at the Philippine Drug Enforcement Agency is unconstitutional. Thus, all the operations conducted by Marcelino could be rendered invalid.

Gonzalez cited a constitutional provision that “no member of the Armed Forces in the active service shall at any time be appointed or designated in any capacity to a civilian position in the government, including government-owned or controlled corporations, or any of their subsidiaries.”

Harry Roque, professor of Public International Law at the UP College of Law and at the Philippine Judicial Academy and chairman of the Center for International Law, disagrees with the justice secretary’s interpretation, saying the secondment of Marcelino with the PDEA is covered by the powers of the president as head of the bureaucracy.

Marcelino said his assignment at the PDEA was approved by President Arroyo, who is also the commander-in-chief of the Armed Forces of the Philippines (even if she is a fake president, I must add).

Roque said Gonzalez’ latest tirade against Marcelino “is a very clear indication that he will sustain the dismissal of the drug case against Richard Brodett, Joseph Tecson, and Jorge Joseph tagged by media as the “Alabang Boys” who were caught in a buy-bust in September 2008. The dismissal was aborted by the media leak of bribery that reportedly reached up to P50 million.

Rep. Roilo Golez expressed concern that Gonzalez “wittingly or unwittingly, is sabotaging the operations of PDEA by publicly declaring that ‘Marcelino’s act is not valid.’ Now he has given potentially crucial arguments to the defense counsel of all those facing illegal drugs cases resulting from PDEA operations led by Marcelino.”

Golez said: “A responsible justice secretary thinking of the national interest should have made his legal opinions in closed-door meetings instead of a press conference. In apparently spiting an agency he now considers a nemesis, he forgot his role in the fight against illegal drugs.”

“The justice secretary has become, in my opinion, an unwitting ally of those accused by Marcelino/PDEA of violating R.A. 9165,” Golez said. R.A. 9165 is the Comprehensive Dangerous Drugs Act of 2002 that governs government programs and operations to stop the proliferation of illegal drugs in the country.

Golez said with Gonzalez at the helm of the justice department, PDEA’s operations have been neutered. “This is a very sad turn of developments for the anti-illegal-drug campaign,” he said.

Now, let’s see how Arroyo, who has crowned herself drug czarina, will handle this. Will she sanction Gonzalez, who was responsible in installing her in Malacañang despite the fact that she was never elected to the presidency by the Filipino people?

Ding Generoso, a media executive, said if there was any violation of the Constitution with the secondment of Marcelino at the PDEA, it should be Arroyo who should be held accountable. It should be ground for impeachment. “He should be the star witness in a new impeachment complaint against Arroyo,” he said.

Blogger Tongue Twisted enthused: “Yay! All the drug lords caught by PDEA, along with the Alabang Boys, will now go free too! The billions of pesos’ worth of shabu and the lab equipment held as evidence will also be returned because Marcelino is illegal!

“And the P50M stock certificates and treasury bonds need to be replaced. Atty. Verano is stupid, wrong spelling. The last letter of his Gonzales is “s”, not “z”!”

* * *

Government prosecutors who were so enamored with legal technicalities should take a look at this New York Times news report on a Supreme Court decision that evidence obtained from an unlawful arrest based on careless record keeping by the police may be used against a criminal defendant. (http://www.nytimes.com/2009/01/15/washington/15scotus.html?_r=2&hp)

The report said Chief Justice John G. Roberts Jr., writing for the majority, said that the exclusion of evidence should be a last resort and that judges should use a sliding scale in deciding whether particular misconduct by the police warranted suppressing the evidence they had found.

“To trigger the exclusionary rule,” Chief Justice Roberts wrote, “police conduct must be sufficiently deliberate that exclusion can meaningfully deter it, and sufficiently culpable that such deterrence is worth the price paid by the justice system.”

That price, the chief justice wrote, “is, of course, letting guilty and possibly dangerous defendants go free.”
