| oraclenetserviceslink查询请求缓冲区溢出漏洞的修补 |
| |
发布者: 发布时间:2006-05-07 |
|
|
发布时间:2003-05-25
更新时间:2003-05-25
严重程度:高
威胁程度:普通用户访问权限
错误类型:边界检查错误
利用方式:服务器模式
bugtraq id:7453
受影响系统
oracle oracle7 7.3.3 oracle oracle7 7.3.4 -redhat linux 5.0 -redhat linux 5.1 -redhat linux 5.2 i386 -redhat linux 6.0 -redhat linux 6.1 i386 -sun solaris 2.4 -sun solaris 2.4 _x86 -sun solaris 2.5 -sun solaris 2.5 _x86 -sun solaris 2.5.1 -sun solaris 2.5.1 _x86 -sun solaris 2.6 +sun solaris 2.6 _x86 oracle oracle8 8.0.1 oracle oracle8 8.0.2 oracle oracle8 8.0.3 oracle oracle8 8.0.4 oracle oracle8 8.0.4 oracle oracle8 8.0.5 .1 oracle oracle8 8.0.5 oracle oracle8 8.0.5 -sgi irix 6.5.4 oracle oracle8 8.0.6 oracle oracle8 8.0.6 oracle oracle8 8.1.5 +hp hp-ux 11.0 +hp hp-ux 11.11 +redhat linux 6.1 i386 +redhat linux 6.2 i386 +sun solaris 7.0 +sun solaris 8.0 oracle oracle8 8.1.6 oracle oracle8 8.1.7 -microsoft windows 2000 workstation oracle oracle8i 8.0 x oracle oracle8i 8.0.6 .3 oracle oracle8i 8.0.6 oracle oracle8i 8.1 x oracle oracle8i 8.1.5 oracle oracle8i 8.1.6 oracle oracle8i 8.1.7 .4 oracle oracle8i 8.1.7 .1 oracle oracle8i 8.1.7 oracle oracle9i 9.0 oracle oracle9i 9.0.1 .4 oracle oracle9i 9.0.1 .3 oracle oracle9i 9.0.1 .2 oracle oracle9i 9.0.1 oracle oracle9i 9.0.2 oracle oracle9i 9.2 .0.2 oracle oracle9i 9.2 .0.1 oracle oracle9i release 2 9.2 .2 oracle oracle9i release 2 9.2 .2 oracle oracle9i release 2 9.2 .1 oracle oracle9i release 2 9.2 .1 |
详细描述
oracle database server实现上存在缓冲区溢出漏洞,问题在于服务器程序对create database link查询请求没有进行充分的边界检查,攻击者通过提交超长的请求会导致破坏堆栈中的数据转而执行攻击者指定的任意指令。
解决方案
厂商已经提供了补丁:
oracle oracle8i 8.0.6 .3:
oracle patch 2760879
http://metalink.oracle.com/
oracle patch 2845564
http://metalink.oracle.com/
microsoft windows nt/2000/xp.
oracle oracle8i 8.1.7 .4:
oracle patch 2784635
http://metalink.oracle.com/
oracle patch 2899111
http://metalink.oracle.com/
microsoft windows nt/2000/xp.
oracle oracle9i 9.0.1 .4:
oracle patch 2760944
http://metalink.oracle.com/
oracle oracle9i 9.2 .0.2:
oracle patch 2749511
http://metalink.oracle.com/
相关信息
"ngssoftware insight security research" <nisr@nextgenss.com>
oracle database server buffer overflow vulnerability
http://online.securityfocus.com/archive/1/319914
|
| (转载文章请保留出处:北天JAVA技术网(www.java114.com)) |
| |
| 更多精彩文章: |
| oraclerman/tivoli-tdp/下数据恢复到节点 |
| tsmserver,client,tdpo安装配置手记(1) |
| tsmserver,client,tdpo安装配置手记(2) |
| 用linux完成oracle自动物理备份 |
| 在oracle里用存储过程定期分割表 |
| 在oracle里设置访问多个sqlserver |
| |
| 最近评论: |
|
|
| 冰封的往事! |
| wow power leveling,wow gold,wow power leveling,wow gold
max(6507) |
|
|
| 冰封的往事! |
| wow power leveling,wow gold,WoW Gold,wow gold
max(7994) |
|
|
| 飞舞的传奇! |
| 传世私服,传世私服.传奇世界私服传奇世界私服,传世私服传世私服, 传奇世界私服传奇世界私服.传奇私服传奇私服. max(4714) |
|
|
| |
| 免责声明:该文章由网友发表,如果对您造成侵权,请联系站长。 |
