 |
Oracle 2006年10月更新修复多个安全漏洞 |
|
|
| Oracle 2006年10月更新修复多个安全漏洞 |
|
| 作者:佚名 文章来源:不详 点击数: 更新时间:2007-1-26 15:09:01 |
|
2006-10-23 10:24:34
发布日期:2006-10-17
更新日期:2006-10-19
受影响系统:Oracle E-Business Suite 11i 11.5.7 - 11.5.10 CU2
Oracle E-Business Suite 11.0
Oracle Database 10g Release 1 10.1.0.5
Oracle Database 10g Release 1 10.1.0.4
Oracle Oracle9i Database Server Release 2 9.2.0.7
Oracle Oracle9i Database Server Release 2 9.2.0.6
Oracle Oracle8i Database Server Release 3 8.1.7.4
Oracle Application Server 10g Release 2 10.1.2.1.0
Oracle Application Server 10g Release 2 10.1.2.0.0 - 10.1.2.0.2
Oracle Application Server 10g Release 1 (9.0.4) 9.0.4.3
Oracle Application Server 10g Release 1 (9.0.4) 9.0.4.2
Oracle Collaboration Suite 10g Release 1 10.1.2.0
Oracle Oracle9i Collaboration Suite Release 2 9.0.4.2
Oracle PeopleSoft Enterprise Tools 8.48
Oracle PeopleSoft Enterprise Tools 8.47
Oracle PeopleSoft Enterprise Tools 8.46
Oracle PeopleSoft Enterprise Tools 8.22
Oracle Database 10g Release 2 10.2.0.2
Oracle Database 10g Release 2 10.2.0.1
Oracle Pharmaceutical Applications 4.5.0 - 4.5.1
Oracle Application Server 10g Release 3 10.1.3.0.0
Oracle PeopleSoft Enterprise Portal Solutions Enterprise Portal,8.9
Oracle PeopleSoft Enterprise Portal Solutions Enterprise Portal,8.8
Oracle Application Express 1.5 - 2.0
Oracle JD Edwards EnterpriseOne Tools 8.96
Oracle JD Edwards EnterpriseOne Tools 8.95
Oracle JD Edwards OneWorld Tools SP23 描述:
Oracle Database是一款商业性质大型数据库系统。
Oracle发布了2006年10月的紧急补丁更新公告,修复了多个Oracle产品中的多个漏洞。这些漏洞影响Oracle产品的所有安全属性,可导致本地和远程的威胁。其中一些漏洞可能需要各种级别的授权,但也有些不需要任何授权。最严重的漏洞可能导致完全入侵数据库系统。目前已知的漏洞包括:
1) 以下软件包在处理SQL查询时存在SQL注入漏洞:
* DBMS_XDBZ
* SDO_DROP_USER_BEFORE
* MD2
* DBMS_CDC_IMPDP
* DBMS_CDC_IPUBLISH
* DBMS_CDC_ISUBSCRIBE
* DBMS_SQLTUNE
* SDO_GEOR_INT
* XDB_PITRIG_PKG
* SDO_DROP_USER
* SDO_CS
2) MD2和SDO_GEOM软件包的RELATE函数、SDO_3GL软件包的GEOM_OPERATION函数以及SDO_CS软件包的TRANSFORM_LAYER函数存在缓冲区溢出漏洞。
<*来源:Johannes Fahrenkrug
Sacha Faust
Esteban Martinez Fayo
Alexander Kornbrust (ak@red-database-security.com)
David Litchfield (david@nextgenss.com)
Andrew Maksimenko
链接:http://secunia.com/advisories/22396/
http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html
http://www.us-cert.gov/cas/techalerts/TA06-291A.html
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html
*>
建议:
厂商补丁:
Oracle
------
Oracle已经为此发布了一个安全公告(cpuoct2006)以及相应补丁:
cpuoct2006:Oracle Critical Patch Update - October 2006
链接:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html
|
|
| 新闻录入:admin 责任编辑:admin |
|
|
上一篇新闻: XORP OSPF链路状态通告拒绝服务漏洞
下一篇新闻: Asterisk chan_skinny远程缓冲区溢出漏洞 |
|
|
| 【字体:小 大】【发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口】 |
|
|
 网友评论:(只显示最新10条。评论内容只代表网友观点,与本站立场无关!) |
|
|
|
|
|
