首页 -> 安全研究
安全研究
安全漏洞
Oracle 2005年7月更新修复多个安全漏洞
发布日期:2005-07-13
更新日期:2005-07-13
受影响系统:
Oracle Database 10g Release 1 10.1.0.4描述:
Oracle Database 10g Release 1 10.1.0.3
Oracle Database 10g Release 1 10.1.0.2
Oracle Oracle9i Database Server Release 1 9.0.1.5 FIPS
Oracle Oracle9i Database Server Release 1 9.0.1.5
Oracle Oracle9i Database Server Release 1 9.0.1.4
Oracle Oracle9i Database Server Release 2 9.2.0.6
Oracle Oracle9i Database Server Release 2 9.2.0.5
Oracle Oracle8i Database Server Release 3 8.1.7.4
Oracle Oracle8i Database Server Release 3
Oracle Oracle8 Database Release 8.0.6 8.0.6.3
Oracle Enterprise Manager Grid Control 10g 10.1.0.3
Oracle Enterprise Manager Grid Control 10g 10.1.0.2
Oracle Enterprise Manager 10g Database Control 10.1.0.4
Oracle Enterprise Manager 10g Database Control 10.1.0.3
Oracle Enterprise Manager 10g Database Control 10.1.0.2
Oracle Enterprise Manager Application Server Control 9.0.4.1
Oracle Enterprise Manager Application Server Control 9.0.4.0
Oracle Application Server 10g (9.0.4) 9.0.4.1
Oracle Application Server 10g (9.0.4) 9.0.4.0
Oracle Oracle9i Application Server Release 2 9.0.3.1
Oracle Oracle9i Application Server Release 2 9.0.2.3
Oracle Oracle9i Application Server Release 1 1.0.2.2
Oracle Collaboration Suite Release 2 9.0.4.2
Oracle Collaboration Suite Release 2 9.0.4.1
Oracle E-Business Suite and Applications Release 11i 11.5.9
Oracle E-Business Suite and Applications Release 11i 11.5.8
Oracle E-Business Suite and Applications Release 11i 11.5.7
Oracle E-Business Suite and Applications Release 11i 11.5.6
Oracle E-Business Suite and Applications Release 11i 11.5.5
Oracle E-Business Suite and Applications Release 11i 11.5.4
Oracle E-Business Suite and Applications Release 11i 11.5.3
Oracle E-Business Suite and Applications Release 11i 11.5.2
Oracle E-Business Suite and Applications Release 11i 11.5.10
Oracle E-Business Suite and Applications Release 11i 11.5.1
Oracle E-Business Suite and Applications Release 11.0
Oracle Workflow 11.5.1 - 11.5.9.5
Oracle Forms and Reports 6.0.8.25
Oracle Forms and Reports 4.5.10.22
Oracle JInitiator 1.3.1
Oracle JInitiator 1.1.8
Oracle Developer Suite 9.0.5
Oracle Developer Suite 9.0.4.1
Oracle Developer Suite 9.0.4
Oracle Developer Suite 9.0.2.3
Oracle Developer Suite 10.1.2
Oracle Express Server 6.3.4.0
BUGTRAQ ID: 14238
CVE(CAN) ID: CVE-2005-2292,CVE-2005-2293,CVE-2005-2294,CVE-2005-3204,CVE-2005-3205,CVE-2005-3206,CVE-2005-3207,CVE-2005-4884
Oracle Database是一款商业性质大型数据库系统。
各种Oracle Database Server、Oracle Enterprise Manager、Oracle Application Server、Oracle Collaboration Suite、Oracle E-Business Suite和Applications、Oracle Workflow、Oracle Forms and Reports、Oracle JInitiator、Oracle Developer Suite和Oracle Express Server受多个漏洞影响。
这些漏洞可能是本地或远程漏洞,影响Oracle产品的所有安全属性,可能造成信息泄漏或者非法权限提升等攻击。
<*来源:Gerhard Eschelbeck
Esteban Martínez Fayó (secemf@gmail.com)
Alexander Kornbrust (ak@red-database-security.com)
Stephen Kost
David Litchfield (david@nextgenss.com)
Michael Murray
Aaron C. Newman (anewman@appsecinc.com)
Mike Sues (msues@rigelksecurity.com)
链接:http://www.integrigy.com/analysis.htm
http://marc.theaimsgroup.com/?l=bugtraq&m=112129082323341&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=112129177927502&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=112129452232307&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=112129398711846&w=2
http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
*>
建议:
厂商补丁:
Oracle
------
Oracle已经为此发布了一个安全公告(cpujul2005)以及相应补丁:
cpujul2005:Critical Patch Update - July 2005
链接:http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
补丁下载:
Oracle Database Server:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=311062.1
Oracle Application Server:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=311038.1
Oracle Collaboration Suite:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=311039.1
Oracle E-Business and Applications:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=311040.1
Oracle Enterprise Manager:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=311061.1
浏览次数:3415
严重程度:0(网友投票)
绿盟科技给您安全的保障