Oracle Database是一款商业性质大型数据库系统。
Oracle数据库存在多个缓冲区溢出和拒绝服务问题,远程攻击者可以利用这个漏洞控制数据库或进行拒绝服务攻击。
多个组织发现Oracle数据库和应用服务程序存在多个漏洞,其中范围包括缓冲区溢出,PL/SQL注入,字符集转换错误和拒绝服务攻击。
受影响系统:
Oracle Oracle 8i Enterprise Edition 8.1.7.1.0
Oracle Oracle 8i Enterprise Edition 8.1.7.0.0
Oracle Oracle 8i Enterprise Edition 8.1.6.1.0
Oracle Oracle 8i Enterprise Edition 8.1.6.0.0
Oracle Oracle 8i Enterprise Edition 8.1.5.1.0
Oracle Oracle 8i Enterprise Edition 8.1.5.0.2
Oracle Oracle 8i Enterprise Edition 8.1.5.0.0
Oracle Oracle 8i Enterprise Edition 8.0.6.0.1
Oracle Oracle 8i Enterprise Edition 8.0.6.0.0
Oracle Oracle 8i Enterprise Edition 8.0.5.0.0
Oracle Oracle9i Standard Edition 9.2.0.4
Oracle Oracle9i Standard Edition 9.2.0.1
Oracle Oracle9i Release 2 9.2.2
Oracle Oracle9i Release 2 9.2.1
Oracle Oracle9i Personal Edition 9.2.0.4
Oracle Oracle9i Personal Edition 9.2.0.1
Oracle Oracle9i Enterprise Edition 9.2.0.4
Oracle Oracle9i Enterprise Edition 9.2.0.1
Oracle Oracle9i 9.2.0.3
Oracle Oracle9i 9.2.0.2
Oracle Oracle9i 9.2.0.1
Oracle Oracle9i 9.2
Oracle Oracle9i 9.0.2
Oracle Oracle9i 9.0.1.4
Oracle Oracle9i 9.0.1.3
Oracle Oracle9i 9.0.1.2
Oracle Oracle9i 9.0.1
Oracle Oracle9i 9.0
Oracle Oracle10g Application Server 9.0.4.0
Oracle Oracle10g Application Server 10.1.0.2
Oracle Oracle10g Enterprise Edition 9.0.4.0
Oracle Oracle10g Enterprise Edition 10.1.0.2
Oracle Oracle10g Personal Edition 9.0.4.0
Oracle Oracle10g Personal Edition 10.1.0.2
Oracle Oracle10g Standard Edition 9.0.4.0
Oracle Oracle10g Standard Edition 10.1.0.2
攻击方法:
暂无有效攻击代码
解决方案:
厂商补丁:
Oracle
客户可以联系供应商下载补丁程序:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1
(T114)