CVE-2002-0559
CVSS: 7.5
Published: 2002-07-03 00:00:00
Last revised: 2008-09-05 16:28:20

[Original] Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.


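[CNNVD] Multiple buffer overflow vulnerabilities in the Oracle 9iAS PL/SQL Apache module (CNNVD-200207-022)

        
        Oracle 9iAS (Application Server) uses the Apache web server for its web service and provides several application environments, including SOAP, PL/SQL, XSQL and JSP.
        The PL/SQL Apache module in Oracle 9iAS contains multiple buffer overflow vulnerabilities that allow remote attackers to execute arbitrary code.
        The PL/SQL module lets remote users call procedures exported by a PL/SQL package in the Oracle database server. The module contains multiple buffer overflows, which can be triggered by:
        1. Sending an overly long request to the plsql module
        2. Setting an overly long password field in the HTTP client's authorization header
        3. Using an overly long cache directory name in the cache form
        4. Setting an overly long password in the "adddad" form.
        An attacker can exploit these vulnerabilities to execute arbitrary code remotely. On Windows NT/2000, the Oracle Apache web server runs under the local SYSTEM account by default, which means an attacker can remotely gain full control of the system.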
        

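- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]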

- CPE (affected platforms and products)

cpe:/a:oracle:oracle8i:8.1.7
cpe:/a:oracle:application_server:1.0.2    Oracle Application Server 9i 1.0.2
cpe:/a:oracle:oracle9i:9.0
cpe:/a:oracle:oracle8i:8.1.7.1
cpe:/a:oracle:oracle9i:9.0.1
cpe:/a:oracle:application_server_web_cache:2.0.0.0    Oracle Oracle9iAS Web Cache 2.0.0.0
cpe:/a:oracle:application_server_web_cache:2.0.0.1    Oracle Oracle9iAS Web Cache 2.0.0.1
cpe:/a:oracle:application_server_web_cache:2.0.0.3    Oracle Oracle9iAS Web Cache 2.0.0.3
cpe:/a:oracle:application_server_web_cache:2.0.0.2    Oracle Oracle9iAS Web Cache 2.0.0.2

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0559
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0559
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200207-022
(official data source) CNNVD

- Other links and resources

http://www.cert.org/advisories/CA-2002-08.html
(VENDOR_ADVISORY)  CERT  CA-2002-08
http://www.kb.cert.org/vuls/id/923395
(UNKNOWN)  CERT-VN  VU#923395
http://www.kb.cert.org/vuls/id/878603
(UNKNOWN)  CERT-VN  VU#878603
http://www.kb.cert.org/vuls/id/750299
(UNKNOWN)  CERT-VN  VU#750299
http://www.kb.cert.org/vuls/id/659043
(UNKNOWN)  CERT-VN  VU#659043
http://www.kb.cert.org/vuls/id/313280
(UNKNOWN)  CERT-VN  VU#313280
http://xforce.iss.net/static/8098.php
(VENDOR_ADVISORY)  XF  oracle-appserver-plsql-adddad-bo(8098)
http://www.securityfocus.com/bid/4032
(VENDOR_ADVISORY)  BID  4032
http://online.securityfocus.com/archive/1/254426
(VENDOR_ADVISORY)  BUGTRAQ  20020206 Multiple Buffer Overflows in Oracle 9iAS
http://xforce.iss.net/static/8097.php
(UNKNOWN)  XF  oracle-appserver-plsql-cache-bo(8097)
http://xforce.iss.net/static/8096.php
(UNKNOWN)  XF  oracle-appserver-plsql-authclient-bo(8096)
http://xforce.iss.net/static/8095.php
(UNKNOWN)  XF  oracle-appserver-plsql-bo(8095)
http://www.nextgenss.com/papers/hpoas.pdf
(UNKNOWN)  MISC  http://www.nextgenss.com/papers/hpoas.pdf
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
(UNKNOWN)  CONFIRM  http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf

- Vulnerability information

Multiple buffer overflow vulnerabilities in the Oracle 9iAS PL/SQL Apache module
High risk  Boundary condition error
2002-07-03 00:00:00 2005-10-20 00:00:00
Remote
        
        

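- Advisories and patches

        Workarounds:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the risk:
        * Restrict access to port 80/TCP of the Oracle Apache web server at the perimeter firewall or host firewall.
        * On Windows NT/2000, create an ordinary user and run the oracle process as that user. The user must be granted the "Logon as a service" right.
        Vendor patch:
        Oracle
        ------
        Oracle has released a patch for this vulnerability. CNNVD recommends watching the vendor's site for the relevant patch:
        
        http://metalink.oracle.com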

- Vulnerability information

9466
Oracle PL/SQL Module Help Page HTTP Location Header Overflow
Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-02-06 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
Boundary Condition Error 4032
Yes No
2002-02-06 12:00:00 2009-07-11 09:56:00
Discovered by David Litchfield (david@nextgenss.com) of Next Generation Security Software.

- Affected software versions

Stonesoft StoneBeat GUI 2.0 0.3
Stonesoft StoneBeat GUI 2.0 .0.3
Oracle Oracle9i Standard Edition 9.0.1
Oracle Oracle9i Standard Edition 9.0
Oracle Oracle9i Application Server Web Cache 2.0 .0.3
- Oracle Oracle9i Application Server
Oracle Oracle9i Application Server Web Cache 2.0 .0.2 NT
- Oracle Oracle9i Application Server
Oracle Oracle9i Application Server Web Cache 2.0 .0.2
- Oracle Oracle9i Application Server
Oracle Oracle9i Application Server Web Cache 2.0 .0.1
- Oracle Oracle9i Application Server
Oracle Oracle9i Application Server Web Cache 2.0 .0.0
- Oracle Oracle9i Application Server
Oracle Oracle9i Application Server 1.0.2
Oracle Oracle8i Standard Edition 8.1.7 .1
Oracle Oracle8i Standard Edition 8.1.7

- Discussion

The Oracle 9iAS web service is powered by the Apache webserver. Included is an Apache module for PL/SQL support.

The Oracle 9iAS PL/SQL module is vulnerable to several buffer overflow conditions. Exploitation of these conditions may allow for attackers to execute arbitrary code remotely.

On Windows based systems, the module is run within the local SYSTEM security context. On Unix systems, the webserver may run with user-level privileges.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Fixes available:


Oracle Oracle9i Application Server 1.0.2

Oracle Oracle8i Standard Edition 8.1.7

Oracle Oracle8i Standard Edition 8.1.7 .1

Oracle Oracle9i Standard Edition 9.0.1

- Related references

 

 
