|
|
Oracle Database Server EXTPROC远程缓冲区溢出漏洞
发布时间:2003-08-01
更新时间:2003-08-01
严重程度:高
威胁程度:远程管理员权限
错误类型:边界检查错误
利用方式:服务器模式
BUGTRAQ ID:8267
受影响系统Oracle Oracle8i Enterprise Edition 8.1.5 .1.0
Oracle Oracle8i Enterprise Edition 8.1.5 .0.2
Oracle Oracle8i Enterprise Edition 8.1.5 .0.0
Oracle Oracle8i Enterprise Edition 8.1.6 .1.0
Oracle Oracle8i Enterprise Edition 8.1.6 .0.0
Oracle Oracle8i Enterprise Edition 8.1.7 .1.0
Oracle Oracle8i Enterprise Edition 8.1.7 .0.0
Oracle Oracle8i Standard Edition 8.1.5
Oracle Oracle8i Standard Edition 8.1.6
Oracle Oracle8i Standard Edition 8.1.7 .4
Oracle Oracle8i Standard Edition 8.1.7 .1
Oracle Oracle8i Standard Edition 8.1.7 .0.0
Oracle Oracle8i Standard Edition 8.1.7
Oracle Oracle9i Client Edition 9.2 .0.2
Oracle Oracle9i Client Edition 9.2 .0.1
Oracle Oracle9i Enterprise Edition 9.0.1
Oracle Oracle9i Enterprise Edition 9.2 .0.2
Oracle Oracle9i Enterprise Edition 9.2 .0.1
Oracle Oracle9i Personal Edition 9.0.1
Oracle Oracle9i Personal Edition 9.2 .0.2
Oracle Oracle9i Personal Edition 9.2 .0.1
Oracle Oracle9i Standard Edition 9.0
Oracle Oracle9i Standard Edition 9.0.1 .4
Oracle Oracle9i Standard Edition 9.0.1 .3
Oracle Oracle9i Standard Edition 9.0.1 .2
Oracle Oracle9i Standard Edition 9.0.1
Oracle Oracle9i Standard Edition 9.0.2
Oracle Oracle9i Standard Edition 9.2 .0.2
Oracle Oracle9i Standard Edition 9.2 .0.1 详细描述
Oracle's RDBMS是一款强大的数据库服务器,支持通过使用PL/SQL支持扩展过程,这些过程可以允许通过调用操作系统库来扩展。任何库装载可通过RDBMS的主要外部过程extproc来实现。
NGSSoftware发现Oracle允许攻击者使extproc装载任意操作系统库和执行任意功能,攻击者不需要用户ID或密码。ORACLE进行一定修补,对远程调用进行了记录并拒绝,只允许本地主机进行调用,但是在记录远程操作的时候,存在典型的缓冲区溢出,通过提交超长库名,可触发此漏洞。精心构建提交数据可以以数据库进程执行任意代码。
测试代码
尚无
解决方案
Oracle建议用户限制用户对CREATE LIBRARY和CREAT ANY LIBRARY的使用。检查是否拥有CREATE LIBRARY和CREAT ANY LIBRARY使用权力,可执行如下操作:
select grantee, privilege from dba_privilege where privilege like 'CREATE%LIBRARY';
Oracle为如下版本提供了补丁:
Oracle 9i Release 2, version 9.2.0.3
Oracle 9i Release 2, version 9.2.0.2
补丁下载:
http://metalink.oracle.com
相关信息
参考:http://www.securityfocus.com/archive/1/330474
http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf
|
