发布日期：2004-08-04
更新日期：2004-09-06

受影响系统：

Oracle Oracle 8i Enterprise Edition 8.1.7.1.0
Oracle Oracle 8i Enterprise Edition 8.1.7.0.0
Oracle Oracle 8i Enterprise Edition 8.1.6.1.0
Oracle Oracle 8i Enterprise Edition 8.1.6.0.0
Oracle Oracle 8i Enterprise Edition 8.1.5.1.0
Oracle Oracle 8i Enterprise Edition 8.1.5.0.2
Oracle Oracle 8i Enterprise Edition 8.1.5.0.0
Oracle Oracle 8i Enterprise Edition 8.0.6.0.1
Oracle Oracle 8i Enterprise Edition 8.0.6.0.0
Oracle Oracle 8i Enterprise Edition 8.0.5.0.0
Oracle Oracle9i Standard Edition 9.2.0.4
Oracle Oracle9i Standard Edition 9.2.0.1
Oracle Oracle9i Release 2 9.2.2
Oracle Oracle9i Release 2 9.2.1
Oracle Oracle9i Personal Edition 9.2.0.4
Oracle Oracle9i Personal Edition 9.2.0.1
Oracle Oracle9i Enterprise Edition 9.2.0.4
Oracle Oracle9i Enterprise Edition 9.2.0.1
Oracle Oracle9i 9.2.0.3
Oracle Oracle9i 9.2.0.2
Oracle Oracle9i 9.2.0.1
Oracle Oracle9i 9.2
Oracle Oracle9i 9.0.2
Oracle Oracle9i 9.0.1.4
Oracle Oracle9i 9.0.1.3
Oracle Oracle9i 9.0.1.2
Oracle Oracle9i 9.0.1
Oracle Oracle9i 9.0
Oracle Oracle10g Application Server 9.0.4.0
Oracle Oracle10g Application Server 10.1.0.2
Oracle Oracle10g Enterprise Edition 9.0.4.0
Oracle Oracle10g Enterprise Edition 10.1.0.2
Oracle Oracle10g Personal Edition 9.0.4.0
Oracle Oracle10g Personal Edition 10.1.0.2
Oracle Oracle10g Standard Edition 9.0.4.0
Oracle Oracle10g Standard Edition 10.1.0.2

描述：

---

BUGTRAQ  ID: 10871
CVE(CAN) ID: CVE-2004-1362

Oracle Database是一款商业性质大型数据库系统。

Oracle数据库存在多个缓冲区溢出和拒绝服务问题，远程攻击者可以利用这个漏洞控制数据库或进行拒绝服务攻击。

多个组织发现Oracle数据库和应用服务程序存在多个漏洞，其中范围包括缓冲区溢出，PL/SQL注入，字符集转换错误和拒绝服务攻击。

具体漏洞信息可参看如下地址获得：

http://www.appsecinc.com/resources/alerts/oracle/2004-0001/

<*来源：David Litchfield （david@nextgenss.com）
  
  链接：http://www.appsecinc.com/resources/alerts/oracle/2004-0001/
*>

建议：

---

厂商补丁：

Oracle
------
客户可以联系供应商下载补丁程序：

http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1

浏览次数：3940
严重程度：0（网友投票）