CVE-2003-0634
CVSS 7.5
Published: 2003-08-27 00:00:00
Last revised: 2016-10-17 22:36:11

[Original] Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.


[CNNVD] Oracle Database Server EXTPROC Remote Buffer Overflow Vulnerability (CNNVD-200308-138)

        
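Oracle Database is a large-scale commercial database system.

When using EXTPROC, the Oracle database does not perform proper buffer bounds checking on the library name. A remote attacker can exploit this to mount a buffer overflow attack against the database service, possibly executing arbitrary instructions on the system with the privileges of the database process.

Oracle can extend stored procedures by calling operating system libraries, and any library can be loaded by extproc. NGSSoftware discovered a vulnerability in which Oracle allows an attacker to force extproc to load any operating system library and execute any function. The attacker needs no user ID or password. Oracle tracked and fixed that vulnerability: unless extproc is invoked from the local machine to load a library, a remote library load is logged and rejected. However, this logging step contains a classic buffer overflow. Supplying an overly long library name overflows a buffer when the entry is logged, and with carefully constructed data arbitrary instructions can be executed with LOCAL SYSTEM privileges on Windows, or with the privileges of the 'Oracle' user on Unix.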
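The logging flaw described above, as an added C illustration (not Oracle's code and not taken from the advisories): an unbounded format of the rejected library name into a fixed buffer, beside a bounded version. The function names, buffer sizes and log text are assumptions, and the sample names are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX 128 /* assumed size of the log-line buffer */
#define LIBNAME_MAX 64   /* assumed policy limit for a library name */

/* Vulnerable pattern (contrast only, never called here): the rejected name
 * is formatted into a fixed stack buffer with no bound, so a name longer
 * than the buffer writes past log_line. */
void log_reject_unsafe(const char *libname, FILE *log)
{
    char log_line[LOG_LINE_MAX];
    sprintf(log_line, "rejected remote load of library '%s'", libname);
    fprintf(log, "%s\n", log_line);
}

/* Hardened pattern: copy at most LIBNAME_MAX bytes, replace non-printable
 * bytes so the entry stays on one line, and format with a bounded call.
 * Returns 0 if the name fit, 1 if it was cut, -1 on bad arguments. */
int log_reject_safe(const char *libname, char *out, size_t outsz)
{
    char clean[LIBNAME_MAX + 1];
    size_t n;
    int cut;

    if (libname == NULL || out == NULL || outsz == 0)
        return -1;
    for (n = 0; n < LIBNAME_MAX && libname[n] != '\0'; n++)
        clean[n] = isprint((unsigned char)libname[n]) ? libname[n] : '?';
    clean[n] = '\0';
    cut = (libname[n] != '\0'); /* input continues past the limit */
    snprintf(out, outsz, "rejected remote load of library '%s'%s",
             clean, cut ? " [name truncated]" : "");
    return cut;
}

int main(void)
{
    char name[1024], line[LOG_LINE_MAX];

    memset(name, 'A', sizeof name - 1); /* constructed over-long name */
    name[sizeof name - 1] = '\0';
    printf("%d %s\n", log_reject_safe(name, line, sizeof line), line);
    printf("%d %s\n", log_reject_safe("libdemo.so", line, sizeof line), line);
    return 0;
}
```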
        

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:oracle:oracle9i:personal_9.2.0.2
cpe:/a:oracle:oracle8i:enterprise_8.1.5_.0.0
cpe:/a:oracle:oracle9i:client_9.2.0.1
cpe:/a:oracle:oracle9i:standard_9.0
cpe:/a:oracle:oracle9i:client_9.2.0.2
cpe:/a:oracle:oracle9i:standard_9.2.0.2
cpe:/a:oracle:oracle9i:standard_9.2.0.1
cpe:/a:oracle:oracle8i:enterprise_8.1.7_.0.0
cpe:/a:oracle:oracle8i:enterprise_8.1.7_.1.0
cpe:/a:oracle:oracle8i:standard_8.1.7_.1
cpe:/a:oracle:oracle8i:standard_8.1.7_.4
cpe:/a:oracle:oracle9i:enterprise_9.0.1
cpe:/a:oracle:oracle9i:standard_9.0.2
cpe:/a:oracle:oracle9i:personal_9.2.0.1
cpe:/a:oracle:oracle9i:standard_9.0.1
cpe:/a:oracle:oracle8i:standard_8.1.7
cpe:/a:oracle:oracle8i:enterprise_8.1.5_.1.0
cpe:/a:oracle:oracle8i:standard_8.1.5
cpe:/a:oracle:oracle9i:enterprise_9.2.0.1
cpe:/a:oracle:oracle9i:standard_9.0.1.3
cpe:/a:oracle:oracle9i:enterprise_9.2.0.2
cpe:/a:oracle:oracle9i:standard_9.0.1.2
cpe:/a:oracle:oracle9i:standard_9.0.1.4
cpe:/a:oracle:oracle9i:personal_9.0.1
cpe:/a:oracle:oracle8i:enterprise_8.1.5_.0.2
cpe:/a:oracle:oracle8i:standard_8.1.6
cpe:/a:oracle:oracle8i:standard_8.1.7_.0.0
cpe:/a:oracle:oracle8i:enterprise_8.1.6_.0.0
cpe:/a:oracle:oracle8i:enterprise_8.1.6_.1.0

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0634
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0634
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200308-138
(Official data source) CNNVD

- Other Links and Resources

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html
(UNKNOWN)  VULNWATCH  20030912 Update to the Oracle EXTPROC advisory
http://marc.info/?l=bugtraq&m=105914979629857&w=2
(UNKNOWN)  BUGTRAQ  20030725 Oracle Extproc Buffer Overflow (#NISR25072003)
http://marc.info/?l=bugtraq&m=105916455814904&w=2
(UNKNOWN)  BUGTRAQ  20030725 question about oracle advisory
http://marc.info/?l=ntbugtraq&m=105915485303327&w=2
(UNKNOWN)  NTBUGTRAQ  20030725 Oracle Extproc Buffer Overflow (#NISR25072003)
http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf
(UNKNOWN)  CONFIRM  http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf
http://www.kb.cert.org/vuls/id/936868
(UNKNOWN)  CERT-VN  VU#936868
http://www.securityfocus.com/bid/8267
(VENDOR_ADVISORY)  BID  8267
http://xforce.iss.net/xforce/xfdb/12721
(UNKNOWN)  XF  oracle-extproc-bo(12721)

- Vulnerability Information

Oracle Database Server EXTPROC Remote Buffer Overflow Vulnerability
High risk  Boundary condition error
2003-08-27 00:00:00 2006-05-01 00:00:00
Remote
        
        

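- Advisories and Patches

        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * Oracle recommends restricting users' use of CREATE LIBRARY and CREATE ANY LIBRARY. To check which accounts hold the CREATE LIBRARY and CREATE ANY LIBRARY privileges, run the following:
        -- DBA_SYS_PRIVS lists the system privileges granted to users and roles
        select grantee, privilege from dba_sys_privs where privilege like 'CREATE%LIBRARY';
        Vendor patch:
        Oracle
        ------
        The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:

        http://www.oracle.com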

- Vulnerability Information

2297
Oracle PL/SQL Package for External Procedures (EXTPROC) Functionality Library Name Overflow
Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability Description

- Timeline

2003-07-23 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Oracle Database Server EXTPROC Buffer Overflow Vulnerability
Boundary Condition Error 8267
Yes No
2003-07-24 12:00:00 2009-07-11 10:56:00
Discovery is credited to David Litchfield and Chris Anley of Next Generation Security Software Ltd.

- Affected Software Versions

Oracle Oracle9i Standard Edition 9.2.0.2
Oracle Oracle9i Standard Edition 9.2.0.1
Oracle Oracle9i Standard Edition 9.0.2
Oracle Oracle9i Standard Edition 9.0.1.4
Oracle Oracle9i Standard Edition 9.0.1.3
Oracle Oracle9i Standard Edition 9.0.1.2
Oracle Oracle9i Standard Edition 9.0.1
Oracle Oracle9i Standard Edition 9.0
Oracle Oracle9i Personal Edition 9.2.0.2
Oracle Oracle9i Personal Edition 9.2.0.1
Oracle Oracle9i Personal Edition 9.0.1
Oracle Oracle9i Enterprise Edition 9.2.2
Oracle Oracle9i Enterprise Edition 9.2.0.1
Oracle Oracle9i Enterprise Edition 9.0.1
Oracle Oracle9i Client Edition 9.2.0.2
Oracle Oracle9i Client Edition 9.2.0.1
Oracle Oracle8i Standard Edition 8.1.7.4
Oracle Oracle8i Standard Edition 8.1.7.1
Oracle Oracle8i Standard Edition 8.1.7.0.0
Oracle Oracle8i Standard Edition 8.1.7
Oracle Oracle8i Standard Edition 8.1.6
Oracle Oracle8i Standard Edition 8.1.5
Oracle Oracle8i Enterprise Edition 8.1.7.1.0
Oracle Oracle8i Enterprise Edition 8.1.7.0.0
Oracle Oracle8i Enterprise Edition 8.1.6.1.0
Oracle Oracle8i Enterprise Edition 8.1.6.0.0
Oracle Oracle8i Enterprise Edition 8.1.5.1.0
Oracle Oracle8i Enterprise Edition 8.1.5.0.2
Oracle Oracle8i Enterprise Edition 8.1.5.0.0

- Discussion

The EXTPROC executable used by the Oracle Database Server is prone to a buffer overflow. Successful exploitation could result in arbitrary code execution with potentially elevated privileges.

** This issue is reportedly related to BID 4033. A reliable source has indicated that Oracle patches for the issue described in BID 4033 introduce this issue. Symantec has not been able to confirm this information.

- Exploit

The discoverer of this vulnerability has reportedly developed a working exploit that is not publicly available or known to be circulating in the wild.

- Solution

Oracle has made fixes available. Administrators can download the patches at http://metalink.oracle.com.

The attached Oracle advisory also contains a release schedule for patches across all supported platforms.

- Related References

 

 
