Vendor Status Note JVNCIAC-P-100

Multiple Vulnerabilities in Oracle


Several Oracle products contain multiple vulnerabilities, including buffer overflows.

 - Oracle Database 10g Release 1, versions, and (supported for Oracle Application Server only)
 - Oracle9i Database Server Release 2, versions,, and
 - Oracle9i Database Server Release 1, versions, and 9.0.4 ( FIPS)
 - Oracle8i Database Server Release 3, version
 - Oracle8 Database Release 8.0.6, version (supported for E-Business Suite only)
 - Oracle Application Server 10g Release2 (10.1.2)
 - Oracle Application Server 10g (9.0.4), versions and
 - Oracle9i Application Server Release 2, versions and
 - Oracle9i Application Server Release 1, version
 - Oracle Collaboration Suite Release 2, version
 - Oracle E-Business Suite and Applications Release 11i(11.5)
 - Oracle E-Business Suite and Applications Release 11.0


A remote third party may be able to cause a variety of impacts, such as obtaining the privileges of the user running the Oracle product (oracle on Unix/Linux, SYSTEM on Windows).


Oracle Critical Patch Update - January 2005

  1. ISS X-Force Database: oracle-database-link-dos(18946)
    Oracle Database Servers create database link denial of service
  2. ISS X-Force Database: oracle-olap-obtain-info(18957)
    Oracle Database Servers OLAP obtain information
  3. ISS X-Force Database: oracle-utlfile-modify-data(18960)
    Oracle Database Servers UTL_FILE modify data
  4. ISS X-Force Database: oracle-diagnostic-obtain-info(18961)
    Oracle Database Servers Diagnostic obtain information
  5. ISS X-Force Database: oracle-dataguard-obtain-info(18964)
    Oracle Database Servers Dataguard obtain information
  6. ISS X-Force Database: oracle-ohs-obtain-info(18969)
    Oracle Database Servers OHS obtain information
  7. ISS X-Force Database: oracle-ebusiness-suite-sql-injection(18966)
    Oracle E-Business Suite SQL injection
  8. ISS X-Force Database: oracle-report-server-obtain-info(18971)
    Oracle Database Servers Report Server obtain information
  9. ISS X-Force Database: oracle-e-business-sql-injection(18973)
    Oracle E-Business Suite SQL injection
  10. ISS X-Force Database: oracle-calendar-obtain-info(18974)
    Oracle Database Servers Calendar obtain information

JPCERT REPORT JPCERT-WR-2005-0401 (2005-01-26)
CIAC Bulletin P-100 Oracle Critical Patch Update (2005-01-18)

Registered: 20:11 2005/01/30
Updated: 20:12 2005/01/30

Copyright(C) 2002-2009 Keio Univ. All rights reserved.