Oracle PL/SQL Gateway PLSQLExclusion访问控制列表绕过漏洞
| CNNVD-ID编号 | CNNVD-200601-341 | CVE编号 | CVE-2006-0435 |
| 发布时间 | 2006-01-26 | 更新时间 | 2006-04-30 |
| 漏洞类型 | 输入验证 | 漏洞来源 | David Litchfield [email protected] |
| 危险等级 | 高危 | 威胁类型 | 远程 |
| 厂商 | oracle | ||
漏洞介绍
Oracle Database是一款大型商业数据库系统。
Oracle Database的组件PL/SQL Gateway在访问控制列表的实现上存在漏洞,攻击者可能利用此漏洞完全控制数据系统。由于访问控制实现上的问题,攻击者可能绕过PLSQLExclusion列表的限制非授权地访问到被禁止访问的存储过程,从而完全获取数据库的DBA权限。
漏洞补丁
目前暂无Oracle PL/SQL Gateway PLSQLExclusion访问控制列表绕过漏洞的补丁信息,如Oracle PL/SQL Gateway PLSQLExclusion访问控制列表绕过漏洞补丁信息有更新,便会立即同步;参考网址
来源: US-CERT
名称: VU#169164
链接:http://www.kb.cert.org/vuls/id/169164
来源: BUGTRAQ
名称: 20060125 Workaround for unpatched Oracle PLSQL Gateway flaw
链接:http://www.securityfocus.com/archive/1/archive/1/423029/100/0/threaded
来源: VUPEN
名称: ADV-2006-1397
链接:http://www.frsirt.com/english/advisories/2006/1397
来源: SECTRACK
名称: 1015961
链接:http://securitytracker.com/id?1015961
来源: BID
名称: 16384
链接:http://www.securityfocus.com/bid/16384
来源: BUGTRAQ
名称: 20060208 Re: Workaround for unpatched Oracle PLSQL Gateway flaw
链接:http://www.securityfocus.com/archive/1/archive/1/424394/100/0/threaded
来源: BUGTRAQ
名称: 20060202 More on the workaround for the unpatched Oracle PLSQL Gateway flaw
链接:http://www.securityfocus.com/archive/1/archive/1/423822/100/0/threaded
来源: BUGTRAQ
名称: 20060202 The History of the Oracle PLSQL Gateway Flaw
链接:http://www.securityfocus.com/archive/1/archive/1/423819/100/0/threaded
来源: BUGTRAQ
名称: 20060131 Re: Workaround for unpatched Oracle PLSQL Gateway flaw
链接:http://www.securityfocus.com/archive/1/archive/1/423673/100/0/threaded
来源: OSVDB
名称: 22719
来源: MISC
链接:http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
来源: www.oracle.com
链接:http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html
来源: VUPEN
名称: ADV-2006-0338
链接:http://www.frsirt.com/english/advisories/2006/0338
来源: SECTRACK
名称: 1015544
链接:http://securitytracker.com/id?1015544
来源: SECUNIA
名称: 19712
链接:http://secunia.com/advisories/19712
来源: SECUNIA
名称: 18621
链接:http://secunia.com/advisories/18621
来源: FULLDISC
名称: 20060125 Workaround for unpatched Oracle PLSQL Gateway flaw
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041742.html
来源: XF
名称: oracle-plsql-command-execution(24363)
链接:http://xforce.iss.net/xforce/xfdb/24363
来源: HP
名称: SSRT061148
链接:http://www.securityfocus.com/archive/1/archive/1/432267/100/0/threaded
来源: VUPEN
名称: ADV-2006-1571
链接:http://www.frsirt.com/english/advisories/2006/1571
来源: SREASON
名称: 403
链接:http://securityreason.com/securityalert/403
来源: SREASON
名称: 402
链接:http://securityreason.com/securityalert/402
来源: SECUNIA
名称: 19859
链接:http://secunia.com/advisories/19859
来源: FULLDISC
名称: 20060202 More on the workaround for the unpatched Oracle PLSQL Gateway flaw
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041899.html
受影响实体
Oracle Http_server:9.1 Oracle Http_server:9.2.0 Oracle Http_server:1.0.2.2 Oracle Http_server:9.0.2 Oracle Http_server:9.0.1信息来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-341
评论