CVE-2004-2229
CVSS 4.6
Published: 2004-12-31 00:00:00
Last revised: 2008-09-05 16:43:33

[Original] Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges.


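[CNNVD] Multiple unspecified security vulnerabilities in Oracle 9i Lite (CNNVD-200412-330)

Oracle 9i Lite is Oracle's mobile database product.
Oracle 9i Lite contains multiple unspecified security issues. If Oracle9i Lite Mobile Server is installed, a remote attacker can exploit these vulnerabilities to gain unauthorized access to the Oracle database server.
No detailed vulnerability information is currently available.
Oracle 9i Lite versions 5.0.0.0.0 through 5.0.2.9.0 are affected. Users running EBusiness 11i with Mobile Field Service Laptop, and Pocket PCs using Oracle9i Lite Mobile Server, are also affected.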

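- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]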

- CPE (affected platforms and products)

cpe:/a:oracle:database_server_lite:5.0 (Oracle Oracle9i Lite 5.0)
cpe:/a:oracle:database_server_lite:5.0.2.0.0 (Oracle Oracle9i Lite 5.0.2.0.0)
cpe:/a:oracle:database_server_lite:5.0.1.0.0 (Oracle Oracle9i Lite 5.0.1.0.0)
cpe:/a:oracle:database_server_lite:5.0.2.9.0 (Oracle Oracle9i Lite 5.0.2.9.0)

- OVAL (technical details for detection)

No related OVAL definitions found.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2229
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2229
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-330
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/15269
(PATCH)  XF  oracle-mobile-gain-access(15269)
http://www.securityfocus.com/bid/9704
(PATCH)  BID  9704
http://secunia.com/advisories/10938
(VENDOR_ADVISORY)  SECUNIA  10938
http://otn.oracle.com/deploy/security/pdf/2004alert63.pdf
(VENDOR_ADVISORY)  CONFIRM  http://otn.oracle.com/deploy/security/pdf/2004alert63.pdf
http://www.osvdb.org/4022
(UNKNOWN)  OSVDB  4022

- Vulnerability information

Multiple unspecified security vulnerabilities in Oracle 9i Lite
Medium severity, input validation
2004-12-31 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

Vendor patch:
Oracle
------
Oracle has released a security advisory (OracleSA#63) and corresponding patches for this issue:
OracleSA#63: Security Vulnerabilities in Oracle9i Lite
Link:
http://otn.oracle.com/deploy/security/pdf/2004alert63.pdf

Patch download for Oracle9i Lite versions 5.0.0.0.0, 5.0.1.0.0, and 5.0.2.0.0:

http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=261992.1

However, users running versions 5.0.0.0.0 and 5.0.1.0.0 must upgrade to 5.0.2.0.0 before applying this patch.

- Vulnerability information

4022
Oracle9i Lite Unauthorized Access Bypass
Local Access Required, Authentication Management
Loss of Confidentiality, Loss of Integrity
Vendor Verified

- Vulnerability description

Oracle9i Lite contains a flaw that may allow an authenticated, knowledgeable and malicious user to gain unauthorized access to a connected Oracle database server if the Oracle9i Lite Mobile Server is installed. This vulnerability is not exploitable by unauthenticated users of Oracle9i Lite Mobile Server. It is possible that the flaw may allow unauthorised access resulting in a loss of confidentiality and integrity.

- Timeline

2004-02-18 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability. For the patch set download procedures and for the Patch Availability for this alert, see references. Please note that there are no plans to release a patch set for Oracle9i Lite Version 5.0.0.0.0 or Oracle9i Lite Version 5.0.1.0.0. Customers running Oracle9i Lite Version 5.0.1.0.0 or earlier must upgrade to Oracle9i Lite Version 5.0.2.0.0 before applying the patch set.
