Oracle Listener Component Multiple Unspecified Vulnerabilities

Vulnerability ID: 1117953    Vulnerability type: Design Error
Published: 2009-06-14    Updated: 2009-07-24
CVE ID: CVE-2009-1970    CNNVD-ID: CNNVD-200907-221
Platform: Multiple    CVSS score: 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/33083
https://www.securityfocus.com/bid/35683
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200907-221
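|Vulnerability details
Oracle Database is a large commercial database system. Oracle released its April 2009 Critical Patch Update advisory, which fixes vulnerabilities in multiple Oracle products. These vulnerabilities affect all security properties of Oracle products and can pose both local and remote threats. Some of them may require various levels of authorization, while others require none. The most serious could lead to complete compromise of the database system.
|Exploit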
source: http://www.securityfocus.com/bid/35683/info

Oracle Database is prone to a remote vulnerability affecting the 'Listener' component.

The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker doesn't require privileges to exploit this vulnerability.

The attacker can exploit this issue to crash the affected application, denying service to legitimate users.

The following are vulnerable:

Oracle9i 9.2.0.8 and 9.2.0.8DV
Oracle10g 10.1.0.5 and 10.2.0.4
Oracle11g 11.1.0.7

Other versions may also be affected. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/33083.zip
|Affected products
Oracle Oracle9i Standard Edition 9.2 .8DV
Oracle Oracle9i Standard Edition 9.2 .8
Oracle Oracle9i Personal Edition 9.2 .8DV
Oracle Oracle9i Enterprise Edition 9.2 .8DV
Oracle Oracle11g Standa
|References

Source: www.oracle.com
Link: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
Source: XF
Name: oracle-db-listener-unspecified(51756)
Link: http://xforce.iss.net/xforce/xfdb/51756
Source: VUPEN
Name: ADV-2009-1900
Link: http://www.vupen.com/english/advisories/2009/1900
Source: SECTRACK
Name: 1022560
Link: http://www.securitytracker.com/id?1022560
Source: BID
Name: 35683
Link: http://www.securityfocus.com/bid/35683
Source: SECUNIA
Name: 35776
Link: http://secunia.com/advisories/35776
Source: OSVDB
Name: 55891
Link: http://osvdb.org/55891