CVE-2003-1563
CVSS4.0
发布时间 :2003-12-31 00:00:00
修订时间 :2011-03-07 21:14:55
NMO    

[原文]Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration.


[CNNVD]CNNVD数据暂缺。


[机译]Sun Cluster 2.2的3.2 / Real Application Clusters的Oracle并行服务器(OPS / RAC)通过允许本地用户导致拒绝服务(群集节点恐慌或中止)启动一个守护进程监听一个TCP端口上,否则将被使用的

- CVSS (基础分值)

CVSS分值: 4 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:sun:cluster:3.0::sparc
cpe:/a:sun:cluster:3.2::sparc
cpe:/a:sun:cluster:3.1::sparc
cpe:/a:sun:cluster:2.2::sparc

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1563
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1563
(官方数据源) NVD

- 其它链接及资源

http://www.auscert.org.au/render.html?it=3672
(UNKNOWN)  AUSCERT  ESB-2003.0843
http://www.securityfocus.com/bid/9137
(UNKNOWN)  BID  9137
http://www.auscert.org.au/render.html?it=3672
(UNKNOWN)  SUNALERT  57428
http://sunsolve.sun.com/search/document.do?assetkey=1-26-200810-1
(UNKNOWN)  SUNALERT  200810
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101393-1
(UNKNOWN)  SUNALERT  101393

- 漏洞信息

2903
Sun Cluster TCP Port Conflict DoS
Denial of Service
Loss of Availability

- 漏洞描述

Sun Cluster contains a flaw that may allow a local denial of service. The issue is triggered when one Sun Cluster node joins or leaves the cluster, either by system processes or if a local user runs a client application that conflicts with the Cluster TCP port(s). It may cause a panic which leaves the node unconnected, and will result in loss of availability.

- 时间线

2003-11-25 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Sun has provided detailed workarounds for each version of the Cluster software. It is also recommended to grant only trusted users access to affected systems as well as not using the Sun Cluster for client applications.

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站