[Repost] Oracle Database Buffer Overflow Vulnerability
<p>Source: <font color="#cc0000">NSFOCUS </font></p><p style="TEXT-INDENT: 2em"><font face="Times New Roman" size="3">Affected systems: <br /><br /> Oracle Database 10gR1 <br /><br /> Description: <br /><br /> Oracle is a large commercial database system. <br /><br /> Oracle's DBMS_SNAPSHOT_UTL package is used to manage materialized views. The public procedure VERIFY_LOG in this package contains a buffer overflow vulnerability; a successful attack can lead to arbitrary code execution or denial of service. <br /><br /> By default, EXECUTE on DBMS_SNAPSHOT_UTL is granted to PUBLIC, so any Oracle database user can exploit this vulnerability. Note that although the April 2006 Critical Patch Update mentions this bug, Oracle has still not released patches for most platforms. <br /><br /> </font></p><center><ccid_nobr /><table cellspacing="0" bordercolordark="#ffffff" cellpadding="2" width="400" align="center" bordercolorlight="#000000" border="1"><tbody><tr><td class="code" style="FONT-SIZE: 9pt" bgcolor="#e6e6e6"><pre> <*Source: Esteban Martínez Fayó (secemf@gmail.com) Links: [url]http://marc.theaimsgroup.com/?l=bugtraq&m=114557615729202&w=2[/url]
[url]http://www.us-cert.gov/cas/techalerts/TA06-109A.html[/url]
[url]http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html?_template=/ocom/technology/cont[/url]
*>
</pre></td></tr></tbody></table></ccid_nobr /></center><p><br /> Recommendation: <br /><br /> Workaround: <br />* Restrict access to the DBMS_SNAPSHOT_UTL package: <br /><br />
-- WARNING: This workaround may cause your application to work incorrectly <br />
-- if it depends (directly or indirectly) on any of the affected database objects. <br /><br />
-- REVOKE_EXECUTE_PRIV: This procedure revokes all the EXECUTE privileges granted <br />
-- to the database object identified by the parameters P_OWNER and P_OBJECT_NAME. <br /><br />
CREATE OR REPLACE PROCEDURE REVOKE_EXECUTE_PRIV (P_OWNER IN VARCHAR2, <br />
P_OBJECT_NAME IN VARCHAR2) AUTHID CURRENT_USER IS <br />
-- Only rows for the EXECUTE privilege are selected, so the REVOKE below cannot fail on a grantee that holds some other privilege. <br />
CURSOR my_cur IS <br />
select grantee from dba_tab_privs where owner = P_OWNER AND TABLE_NAME = P_OBJECT_NAME AND PRIVILEGE = 'EXECUTE'; <br />
BEGIN <br />
FOR my_rec IN my_cur <br />
LOOP <br />
DBMS_OUTPUT.PUT_LINE ('Revoking EXECUTE privilege from ' || my_rec.grantee); <br />
EXECUTE IMMEDIATE 'REVOKE EXECUTE ON ' || P_OWNER || '.' || P_OBJECT_NAME || ' FROM ' || my_rec.grantee || ' FORCE'; <br />
END LOOP; <br />
END REVOKE_EXECUTE_PRIV; <br />
/ <br /><br />
-- To remove all execute privileges granted on vulnerable objects execute this PL/SQL: <br /><br />
BEGIN <br />
REVOKE_EXECUTE_PRIV ('SYS', 'DBMS_SNAPSHOT_UTL'); <br />
END; <br />
/ <br /><br />
-- To remove execute privilege granted only to PUBLIC role on vulnerable objects <br />
-- execute this SQL: <br /><br />
REVOKE EXECUTE ON SYS.DBMS_SNAPSHOT_UTL FROM PUBLIC FORCE; <br /><br />
Vendor patch: <br /><br /> Oracle <br /><br /> The vendor has not yet provided a patch or upgrade. We recommend that users of this software check the vendor's homepage for the latest version: <br /><br /> [url]http://www.oracle.com[/url]<br /></p>
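The workaround's warning says that revoking EXECUTE may break applications that depend on the package. The queries below are an added example, not part of the original advisory: they audit who holds the privilege and which objects depend on the package before the revoke, and check the result afterwards. They assume a session that can read the DBA_* dictionary views.

```sql
-- Added example, not from the advisory. Run as a user with access to DBA_* views.

-- 1. Before the workaround: who holds EXECUTE on the package, and who granted it?
--    Keep this output so the grants can be restored if an application breaks.
SELECT grantee, grantor, grantable
  FROM dba_tab_privs
 WHERE owner      = 'SYS'
   AND table_name = 'DBMS_SNAPSHOT_UTL'
   AND privilege  = 'EXECUTE'
 ORDER BY grantee;

-- 2. Before the workaround: which stored objects outside SYS reference the package?
--    'PUBLIC' is included as an assumption, to catch references that resolve
--    through a public synonym of the same name, if one exists.
SELECT d.owner, d.name, d.type, d.referenced_owner, d.referenced_type
  FROM dba_dependencies d
 WHERE d.referenced_name  = 'DBMS_SNAPSHOT_UTL'
   AND d.referenced_owner IN ('SYS', 'PUBLIC')
   AND d.owner            <> 'SYS'
 ORDER BY d.owner, d.name;

-- 3. After the workaround: re-run query 1 (expected: no rows, or only the
--    grantees you deliberately kept), then list dependents left INVALID.
SELECT o.owner, o.object_name, o.object_type, o.status
  FROM dba_objects o
  JOIN dba_dependencies d
    ON d.owner = o.owner
   AND d.name  = o.object_name
   AND d.type  = o.object_type
 WHERE d.referenced_name  = 'DBMS_SNAPSHOT_UTL'
   AND d.referenced_owner IN ('SYS', 'PUBLIC')
   AND o.status           = 'INVALID'
 ORDER BY o.owner, o.object_name;
```

Any row returned by query 2 identifies an object whose owner will need a direct grant, or a code change, once EXECUTE is removed from PUBLIC.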