安全研究

安全漏洞
Oracle 2005年10月更新修复多个安全漏洞

发布日期:2005-10-19
更新日期:2005-10-19

受影响系统:
Oracle E-Business Suite 11i 11.5.9
Oracle E-Business Suite 11i 11.5.8
Oracle E-Business Suite 11i 11.5.7
Oracle E-Business Suite 11i 11.5.6
Oracle E-Business Suite 11i 11.5.5
Oracle E-Business Suite 11i 11.5.4
Oracle E-Business Suite 11i 11.5.3
Oracle E-Business Suite 11i 11.5.2
Oracle E-Business Suite 11i 11.5.10 CU2
Oracle E-Business Suite 11i 11.5.10
Oracle E-Business Suite 11i 11.5.1
Oracle E-Business Suite 11.0
Oracle Oracle9i Database Server Release 2 9.2.0.7
Oracle Oracle9i Database Server Release 2 9.2.0.6
Oracle Oracle9i Database Server Release 2 9.2.0.5
Oracle Oracle8i Database Server Release 3 8.1.7.4
Oracle Enterprise Manager Grid Control 10g 10.1.0.4
Oracle Enterprise Manager Grid Control 10g 10.1.0.3
Oracle Database Server 10g Release 1 10.1.0.4
Oracle Database Server 10g Release 1 10.1.0.3
Oracle Application Server 10g Release 2 10.1.2.0.2
Oracle Application Server 10g Release 2 10.1.2.0.1
Oracle Application Server 10g Release 2 10.1.2.0.0
Oracle Application Server 10g Release 1 (9.0.4) 9.0.4.2
Oracle Application Server 10g Release 1 (9.0.4) 9.0.4.1
Oracle Collaboration Suite 10g Release 1 10.1.1
Oracle Oracle9i Collaboration Suite Release 2 9.0.4.2
Oracle Clinical 4.5.1
Oracle Clinical 4.5.0
Oracle PeopleSoft Enterprise Tools 8.1 - 8.46.03
Oracle PeopleSoft CRM 8.81 - 8.9
Oracle JD Edwards EnterpriseOne/OneWorld XE, SP23_K1
Oracle JD Edwards EnterpriseOne/OneWorld XE, 8.95_B1
Oracle JD Edwards EnterpriseOne/OneWorld XE, 8.94_Q1
描述:
BUGTRAQ  ID: 15134
CVE ID: CVE-2005-3437

Oracle Database是一款商业性质大型数据库系统。

各种Oracle数据库服务器、Oracle企业管理器、Oracle应用服务器、Oracle协作组件、Oracle电子商务组件和应用、Oracle PeopleSoft Enterprise和JD Edwards EnterpriseOne受多个漏洞影响。

这些漏洞可能是本地或远程漏洞,影响Oracle产品的所有安全属性。攻击者可能利用这些漏洞破坏服务器的保密性、完整性或可用性,或执行任意代码。目前更多信息不详。

<*来源:Brian Carr
        Sacha Faust
        Esteban Martínez Fayó (secemf@gmail.com
        Alexander Kornbrust (ak@red-database-security.com
        Steven Kost
        David Litchfield
        noderat ratty
        Keigo Yamazaki (snsadv@lac.co.jp
  
  链接:http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
        http://www.us-cert.gov/cas/techalerts/TA05-292A.html
*>

建议:
厂商补丁:

Oracle
------
Oracle已经为此发布了一个安全公告(cpuoct2005)以及相应补丁:
cpuoct2005:Oracle Critical Patch Update - October 2005
链接:http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html

补丁下载:

http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=333956.1

http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=333959.1

http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=333961.1

http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=333963.1

http://www.peoplesoft.com/corp/en/support/security_index.jsp

浏览次数:4083
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客