Oracle Database Server ctxsys.driload Access Validation Vulnerability

Vulnerability Details

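Vulnerability Summary

Oracle Database Server versions 8.1.7.4 through 9.2.0.4 contain a vulnerability. A local user can execute commands with additional privileges by way of the publicly accessible ctxsys.driload package.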

Vulnerability Advisory

Oracle has released an alert (#68) and a patch to address these issues. Information regarding obtaining and applying an appropriate patch can be found at the following location:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1
It should be noted that a valid subscription to the metalink service is required in order to view this document.
It is reported that software conflicts may arise when these patches are installed against binaries that have already had patches installed. Additionally, although Oracle 9i 9.2.x.x database server is supported, it is reported that customers may be required to update to versions 9.2.0.4/9.2.0.5 prior to applying these patches. This action might also be required for other releases and products. Customers are advised to contact the vendor for further information and support with regard to the installation of appropriate updates.
A message from “David Litchfield” is available that states that some of the vulnerabilities in alert #68 may not have been successfully fixed by Oracle. Users of affected packages should refer to the referenced message, and contact their vendor for further information on the status of fixes.
A message from “NGSSoftware Insight Security Research” (Oracle October 2005 CPU Problems) states that there is a flaw in the fix for the CTXSYS component of Oracle 8.1.7.4 on all platforms. Please see the referenced message for further details on this issue.

References

Source: US-CERT Vulnerability Note: VU#316206
Name: VU#316206
Link: http://www.kb.cert.org/vuls/id/316206

Source: IDEFENSE
Name: 20040902 Oracle Database Server ctxsys.driload Access Validation Vulnerability
Link: http://www.idefense.com/application/poi/display?id=136&type=vulnerabilities&flashstatus=true

Source: SECUNIA
Name: 12409
Link: http://secunia.com/advisories/12409/

Source: BID
Name: 11099
Link: http://www.securityfocus.com/bid/11099
