pioneer
超级版主
积分 4563
发帖 4545
注册 2007-7-16
来自 BJ
|
#1 Oracle产品多个漏洞
来源
secunia.com
软件名
Oracle9i Database Standard Edition
Oracle9i Database Enterprise Edition
Oracle Siebel SimBuilder 7.x
Oracle PeopleSoft Enterprise Tools 8.x
Oracle PeopleSoft Enterprise Human Capital Management 9.x
Oracle PeopleSoft Enterprise Human Capital Management 8.x
Oracle E-Business Suite 12.x
Oracle E-Business Suite 11i
Oracle Database 11.x
Oracle Database 10.x
Oracle Collaboration Suite 10.x
Oracle Application Server 10g
Oracle JInitiator 1.x
描述
1) 通过不特定参数传递到SDO_GEOM, SDO_IDX,和SDO_UTIL包的参数在用于sql查询前没有准确过滤,这可通过注入任意的sql代码操控sql查询
2)DBMS_STATS_INTERNAL包将OUTLN密码重置为缺省值,并且在创建物化视图时将DBA权限授权给了OUTLN用户
其余漏洞可导致不特定的错误,目前没有更多信息
该漏洞在以下产品和版本中已经报告
* Oracle Database 11g, version 11.1.0.6
* Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3
* Oracle Database 10g, version 10.1.0.5
* Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
* Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.1.0, 10.1.3.3.0
* Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0
* Oracle Application Server 10g (9.0.4), version 9.0.4.3
* Oracle Collaboration Suite 10g, version 10.1.2
* Oracle E-Business Suite Release 12, version 12.0.4
* Oracle E-Business Suite Release 11i, version 11.5.10.2
* Oracle PeopleSoft Enterprise PeopleTools versions 8.22.19, 8.48.16, 8.49.09
* Oracle PeopleSoft Enterprise HCM versions 8.8 SP1, 8.9, 9.0
* Oracle Siebel SimBuilder versions 7.8.2, 7.8.5
解决方案
应用补丁(详见厂商建议)
| |
※文章所有权归【pioneer】与【东方微点论坛】共同所有,转载请注明出处!※
|
 |
|
