Oracle数据库服务器EXTPROC远程缓冲区溢出漏洞(1)
发布日期:2003-07-26更新日期:2003-07-31 受影响系统:Oracle Oracle8i Standard Edition 9.2 .0.2Oracle Oracle8i Standard Edition 9.2 .0.1Oracle Oracle8i Standard Edition 9.0.2Oracle Oracle8i Standard Edition 9.0.1 .4Oracle Oracle8i Standard Edition 9.0.1 .3Oracle Oracle8i Standard Edition 9.0.1 .2Oracle Oracle8i Standard Edition 9.0.1Oracle Oracle8i Standard Edition 9.0Oracle Oracle8i Standard Edition 8.1.7 .4Oracle Oracle8i Standard Edition 8.1.7 .1Oracle Oracle8i Standard Edition 8.1.7 .0.0Oracle Oracle8i Standard Edition 8.1.7Oracle Oracle8i Standard Edition 8.1.6Oracle Oracle8i Standard Edition 8.1.5Oracle Oracle8i Personal Edition 9.2 .0.2Oracle Oracle8i Personal Edition 9.2 .0.1Oracle Oracle8i Personal Edition 9.0.1Oracle Oracle8i Enterprise Edition 9.2 .0.2Oracle Oracle8i Enterprise Edition 9.2 .0.1Oracle Oracle8i Enterprise Edition 9.0.1Oracle Oracle8i Enterprise Edition 8.1.7 .1.0Oracle Oracle8i Enterprise Edition 8.1.7 .0.0Oracle Oracle8i Enterprise Edition 8.1.6 .1.0Oracle Oracle8i Enterprise Edition 8.1.6 .0.0Oracle Oracle8i Enterprise Edition 8.1.5 .1.0Oracle Oracle8i Enterprise Edition 8.1.5 .0.2Oracle Oracle8i Enterprise Edition 8.1.5 .0.0Oracle Oracle8i Client Edition 9.2 .0.2Oracle Oracle8i Client Edition 9.2 .0.1描述:--------------------------------------------------------------------------------BUGTRAQ ID: 8267 Oracle Database是一款商业性质大型数据库系统。 Oracle数据库使用EXTPROC时对库名缺少正确的缓冲区边界检查,远程攻击者可以利用这个漏洞对数据库服务进行缓冲区溢出攻击,可能以数据库进程权限在系统上执行任意指令。 Oracle可以通过调用操作系统的库来扩展存储过程,任何库可被extproc装载。NGSSoftware发现一个漏洞,Oracle可以允许攻击者迫使extproc装载任何操作系统库和执行任何功能。攻击者不需要用户ID或密码。Oracle对此漏洞进行了跟踪和修复,除非本地机器调用extproc来装载库,否则远程的装载库操作将会被记录并拒绝,但是,这个记录过程存在典型的缓冲区溢出攻击,通过提供超长库名,当记录时会发生缓冲区溢出,通过精心构建提交数据,在Windows系统下,可以LOCAL SYSTEM权限在系统上执行任意指令,而在Unix系统下,将以'Orace'用户权限执行。 <*来源:NGSSoftware Insight Security Research (nisr@nextgenss.com)
受影响系统:Oracle Oracle8i Standard Edition 9.2 .0.2Oracle Oracle8i Standard Edition 9.2 .0.1Oracle Oracle8i Standard Edition 9.0.2Oracle Oracle8i Standard Edition 9.0.1 .4Oracle Oracle8i Standard Edition 9.0.1 .3Oracle Oracle8i Standard Edition 9.0.1 .2Oracle Oracle8i Standard Edition 9.0.1Oracle Oracle8i Standard Edition 9.0Oracle Oracle8i Standard Edition 8.1.7 .4Oracle Oracle8i Standard Edition 8.1.7 .1Oracle Oracle8i Standard Edition 8.1.7 .0.0Oracle Oracle8i Standard Edition 8.1.7Oracle Oracle8i Standard Edition 8.1.6Oracle Oracle8i Standard Edition 8.1.5Oracle Oracle8i Personal Edition 9.2 .0.2Oracle Oracle8i Personal Edition 9.2 .0.1Oracle Oracle8i Personal Edition 9.0.1Oracle Oracle8i Enterprise Edition 9.2 .0.2Oracle Oracle8i Enterprise Edition 9.2 .0.1Oracle Oracle8i Enterprise Edition 9.0.1Oracle Oracle8i Enterprise Edition 8.1.7 .1.0Oracle Oracle8i Enterprise Edition 8.1.7 .0.0Oracle Oracle8i Enterprise Edition 8.1.6 .1.0Oracle Oracle8i Enterprise Edition 8.1.6 .0.0Oracle Oracle8i Enterprise Edition 8.1.5 .1.0Oracle Oracle8i Enterprise Edition 8.1.5 .0.2Oracle Oracle8i Enterprise Edition 8.1.5 .0.0Oracle Oracle8i Client Edition 9.2 .0.2Oracle Oracle8i Client Edition 9.2 .0.1描述:--------------------------------------------------------------------------------BUGTRAQ ID: 8267
Oracle Database是一款商业性质大型数据库系统。
Oracle数据库使用EXTPROC时对库名缺少正确的缓冲区边界检查,远程攻击者可以利用这个漏洞对数据库服务进行缓冲区溢出攻击,可能以数据库进程权限在系统上执行任意指令。
Oracle可以通过调用操作系统的库来扩展存储过程,任何库可被extproc装载。NGSSoftware发现一个漏洞,Oracle可以允许攻击者迫使extproc装载任何操作系统库和执行任何功能。攻击者不需要用户ID或密码。Oracle对此漏洞进行了跟踪和修复,除非本地机器调用extproc来装载库,否则远程的装载库操作将会被记录并拒绝,但是,这个记录过程存在典型的缓冲区溢出攻击,通过提供超长库名,当记录时会发生缓冲区溢出,通过精心构建提交数据,在Windows系统下,可以LOCAL SYSTEM权限在系统上执行任意指令,而在Unix系统下,将以'Orace'用户权限执行。
<*来源:NGSSoftware Insight Security Research (nisr@nextgenss.com)
