Oracle 9i数据库服务器iSQL Plus畸形USERID缓冲区溢出漏洞

漏洞信息详情

Oracle 9i数据库服务器iSQL Plus畸形USERID缓冲区溢出漏洞

• CNNVD编号：CNNVD-200211-021
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-1264
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2002-11-12
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-13
  
• 厂        商：
  
  oracle
• 漏洞来源：
  Discovery of this …

Oracle 9版本数据库服务器Oracle iSQL*Plus web应用程序存在缓冲区溢出漏洞。远程攻击者可以借助isqlplus URL的超长USERID参数执行任意代码。

Oracle has released an alert for this vulnerability. Further details may be found in the referenced advisory.
Oracle Oracle9i Standard Edition 9.0

• Oracle 2581911
  
  http://metalink.oracle.com

Oracle Oracle9i Standard Edition 9.0.1

• Oracle 2581911
  
  http://metalink.oracle.com

Oracle Oracle9i Standard Edition 9.0.1 .2

• Oracle 2581911
  
  http://metalink.oracle.com

Oracle Oracle9i Standard Edition 9.0.1 .3

• Oracle 2581911
  
  http://metalink.oracle.com

Oracle Oracle9i Standard Edition 9.0.2

• Oracle 2581911
  
  http://metalink.oracle.com

Oracle Oracle9i Standard Edition 9.2 .0.1

• Oracle 2581911
  
  http://metalink.oracle.com

Oracle Oracle9i Standard Edition 9.2 .0.2

• Oracle 2581911
  
  http://metalink.oracle.com

来源: XF
名称: oracle-isqlplus-userid-bo(10524)
链接:http://www.iss.net/security_center/static/10524.php

来源: technet.oracle.com
链接:http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf

来源: BUGTRAQ
名称: 20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103643298712284&w=2

来源: BID
名称: 6085
链接:http://www.securityfocus.com/bid/6085

来源: OSVDB
名称: 4013
链接:http://www.osvdb.org/4013

来源: VULNWATCH
名称: 20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html