Oracle互联网目录格式串漏洞

漏洞信息详情

Oracle互联网目录格式串漏洞

• CNNVD编号：CNNVD-200107-108
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-0974
  
• 漏洞类型：
  
  
  格式化字符串
  
• 发布时间：
  
  2001-07-17
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  oracle
• 漏洞来源：
  The vulnerabilitie…

Oracle Internet Directory Server (LDAP) 2.1.1.x 和3.0.1版本存在目录格式串漏洞。远程攻击者执行任意代码，正如测试套件。

Vendor-supplied updates that rectify this issue are available:
1) OID release 3.0.1.0.0 (shipping with Oracle9i) on all Unix platforms
2) OID release 3.0.1.0.0 (shipping with Oracle9i) on Windows
3) OID release 2.1.1.3.0 (shipping with Oracle8i) on Solaris
Download the patchset for your platform from Oracle’s Worldwide Support web site, Metalink,
http://metalink.oracle.com.
The patch number for OID release 2.1.1.3.0 is 1888945
The patch number for OID release 3.0.1.0.0 is 1888998

来源:US-CERT Vulnerability Note: VU#869184
名称: VU#869184
链接:http://www.kb.cert.org/vuls/id/869184

来源:CERT/CC Advisory: CA-2001-18
名称: CA-2001-18
链接:http://www.cert.org/advisories/CA-2001-18.html

来源: XF
名称: oracle-ldap-protos-format-string(6903)
链接:http://xforce.iss.net/static/6903.php

来源: BID
名称: 3048
链接:http://www.securityfocus.com/bid/3048

来源: CIAC
名称: L-116
链接:http://www.ciac.org/ciac/bulletins/l-116.shtml