Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.
Oracle Application Server Forms 'buffered records' Temp File Information Disclosure
Local Access Required
Loss of Confidentiality
Oracle Application Server contains a flaw in the Oracle Forms component that may lead to an unauthorized information disclosure. The issue is triggered when the number of records an Oracle Forms application retrieves from the database exceeds the value of the "buffered records" parameter. A temp file is then created to hold a copy of the database table, and that file discloses database record information, resulting in a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (Critical Patch Update - July 2005) to address this vulnerability.
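A defender can check a host for the exposure described above by listing regular files in the temporary directory whose mode grants read access to "other". The following is an added example, not code from Oracle or from this advisory; the directory and the account name passed to it are assumptions, since the entry names neither the temp file location nor its file-name pattern.

```shell
#!/bin/sh
# Added example: find world-readable regular files under a directory.
# Assumptions (not from the advisory): the directory to scan and the
# OS account that runs the Forms runtime are supplied by the caller.

# world_readable_files DIR [OWNER]
# Prints one path per line for each regular file under DIR that has the
# "other: read" permission bit set. If OWNER is given, only files owned
# by that account are listed. Paths containing newlines are not handled.
world_readable_files() {
    dir=$1
    owner=${2:-}
    if [ -n "$owner" ]; then
        find "$dir" -xdev -type f -user "$owner" -perm -004 -print 2>/dev/null
    else
        find "$dir" -xdev -type f -perm -004 -print 2>/dev/null
    fi
}

# count_world_readable DIR [OWNER]
# Prints the number of files world_readable_files would list.
count_world_readable() {
    world_readable_files "$@" | wc -l | tr -d ' '
}

# report_world_readable DIR [OWNER]
# Prints mode, owner, size and path for each finding, for a review ticket.
report_world_readable() {
    world_readable_files "$@" | while IFS= read -r f; do
        ls -ld -- "$f"
    done
}

# Example invocation (hypothetical directory and account name):
#   report_world_readable /tmp formsuser
```

A non-zero count for the runtime account while large queries are in flight indicates the host should be checked against the July 2005 Critical Patch Update.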