CVE-2002-0842
CVSS 7.5
Published: 2003-03-03 00:00:00
Last revised: 2016-10-17 22:22:29

[Original] Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror().


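[CNNVD] Oracle 9i Application Server DAV_PUBLIC remote format string overflow vulnerability (CNNVD-200303-019)

        Oracle 9i Application Server is based on the Apache web server and supports SOAP, PL/SQL, XSQL, JSP and other environments.
        The DAV module used by Oracle 9i Application Server has a format string error when logging error messages. A remote attacker can exploit this vulnerability by constructing a malicious request that corrupts the stack of the Oracle process, possibly executing arbitrary commands on the system with the privileges of the 'Oracle' process. By constructing a malicious format string and sending it to the server, an attacker can overwrite arbitrary addresses on the stack and may execute arbitrary commands with the privileges of the Oracle process. Successful exploitation yields "Oracle" privileges on Linux/Unix systems and Local System privileges on Windows systems.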

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

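- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found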

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0842
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0842
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200303-019
(Official data source) CNNVD

- Other links and resources

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html
(UNKNOWN)  VULNWATCH  20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
http://marc.info/?l=bugtraq&m=104549708626309&w=2
(UNKNOWN)  NTBUGTRAQ  20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
http://marc.info/?l=bugtraq&m=104559446010858&w=2
(UNKNOWN)  BUGTRAQ  20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo
http://marc.info/?l=bugtraq&m=104560577227981&w=2
(UNKNOWN)  BUGTRAQ  20030218 Re: CSSA-2003-007.0 Advisory withdrawn.
http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf
(VENDOR_ADVISORY)  CONFIRM  http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf
http://www.cert.org/advisories/CA-2003-05.html
(UNKNOWN)  CERT  CA-2003-05
http://www.ciac.org/ciac/bulletins/n-046.shtml
(UNKNOWN)  CIAC  N-046
http://www.iss.net/security_center/static/11330.php
(VENDOR_ADVISORY)  XF  oracle-appserver-davpublic-dos(11330)
http://www.kb.cert.org/vuls/id/849993
(VENDOR_ADVISORY)  CERT-VN  VU#849993
http://www.nextgenss.com/advisories/ora-appservfmtst.txt
(UNKNOWN)  MISC  http://www.nextgenss.com/advisories/ora-appservfmtst.txt
http://www.securityfocus.com/bid/6846
(UNKNOWN)  BID  6846

- Vulnerability information

Oracle 9i Application Server DAV_PUBLIC remote format string overflow vulnerability
High risk  Format string
2003-03-03 00:00:00 2012-11-30 00:00:00
Remote

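- Advisories and patches

        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * Edit the moddav.conf file in the ORACLE_HOME/Apache/oradav/conf directory:
        Change the following line:
         DAV on
        
        to
         DAV off
        
        Then close the file. The resulting configuration file should look like this: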
        Load/Module ORACLE_HOME/Apache/oradav/lib/mod_oradav.so
        #This is needed by mod_oradav to manage locks on WebDAV activity
        #against a local file system and contains lock information about all
        #WebDAV file resources.
        DAVLockDB ORACLE_HOME/Apache/oradav/var/DAVLock
        
        DAV off
        #For extra security, enable the ForceType directive below.
        #ForceType is used to prevent any scripts (jsp,php,…)
        #from being run. Since this is a public location and anyone
        #could upload a script and then execute it we need to be
        #careful we don't want it exploited. To preserve
        #mime types of files but to still protect against executables
        #see HTTP Admin Documentation on mod_oradav regarding ORAGetSource.
        #
        #ForceType text/plain
        

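        Vendor patch:
        Oracle
        ------
        Oracle has released a security advisory (OracleSA#52) and a corresponding patch for this issue:
        OracleSA#52: Two Vulnerabilities in Oracle9i Application Server
        Link:
        http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf

        Oracle has released the patch under patch number 2602262. Users can download the patch from the Oracle Worldwide Support Services web site:
        
        http://metalink.oracle.com

        Click the Patches button to go to the patch web page, then enter bug number 2602262 to download.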

- Vulnerability information

Oracle 9i Application Server mod_oradav Module Format String Vulnerability
Input Validation Error 6851
Yes No
2003-02-11 12:00:00 2009-07-11 08:06:00
Discovery of this vulnerability credited to David and Mark Litchfield.

- Affected software versions

Oracle Oracle9i Application Server 9.0.3
Oracle Oracle9i Application Server 9.0.2

- Vulnerability discussion

A vulnerability has been reported for Oracle 9i Application Server when the mod_oradav module is used.

Reportedly, an attacker may be able to exploit an issue with Oracle's 'dav_public' or 'dav_portal' folders and execute arbitrary code. This is due to an exploitable format string error in the mod_oradav module.
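
The flaw named in the CVE text above (a string that comes back from dav_lookup_uri() being used as the format in a call to ap_log_rerror()) next to the corrected call, as an added example that is not code from this page, mod_dav or Oracle. `log_rerror()` and `lookup_uri_desc()` are hypothetical stand-ins for those two functions, and the sample URI is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for ap_log_rerror(): a printf-style logger that
 * formats into `out` instead of the server error log. */
static int log_rerror(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Hypothetical stand-in for the description dav_lookup_uri() hands back:
 * an error text that embeds the client-supplied destination URI. */
static void lookup_uri_desc(char *desc, size_t n, const char *dest_uri)
{
    snprintf(desc, n, "Bad Gateway: destination %s is on another server", dest_uri);
}

/* Flawed pattern: the description (request data) is passed as the format. */
static int log_bad_gateway_flawed(char *out, size_t n, const char *dest_uri)
{
    char desc[256];
    lookup_uri_desc(desc, sizeof desc, dest_uri);
    return log_rerror(out, n, desc);
}

/* Corrected pattern: constant format, description passed as an argument. */
static int log_bad_gateway_fixed(char *out, size_t n, const char *dest_uri)
{
    char desc[256];
    lookup_uri_desc(desc, sizeof desc, dest_uri);
    return log_rerror(out, n, "%s", desc);
}

int main(void)
{
    /* Constructed input: "%%" consumes no argument, so the flawed path stays
     * well-defined while still showing the logger interprets request data. */
    const char *uri = "http://other.example/a%%b";
    char flawed[512], fixed[512];
    log_bad_gateway_flawed(flawed, sizeof flawed, uri);
    log_bad_gateway_fixed(fixed, sizeof fixed, uri);
    printf("flawed: %s\nfixed:  %s\n", flawed, fixed);
    return 0;
}
```

The flawed path logs `a%b` because the logger parsed the URI as a format; the fixed path logs the URI byte for byte. For printf-family calls and functions declared with the GCC/Clang `format` attribute, `-Wformat -Wformat-security` flags a non-literal format with no arguments at compile time.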

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Oracle has made fixes available. Administrators can download the patches at http://metalink.oracle.com by entering Bug Number 2602262.

The attached Oracle advisory also contains a release schedule for patches across all supported platforms.
