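A buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. Note: this issue may already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there is not yet enough information to confirm this.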

Affected systems and software:


Oracle, Oracle8i Database Server Release 3
Oracle, Oracle9i Database Server Release 1
Oracle, Oracle9i Database Server Release 2, 9.2.0.1
Oracle, Oracle9i Database Server Release 2, 9.2.0.2
Oracle, Oracle9i Database Server Release 2, 9.2.0.3
Oracle, Oracle9i Database Server Release 2, 9.2.0.4
Oracle, Oracle9i Database Server Release 2, 9.2.0.5
Oracle, Oracle9i Database Server Release 2, 9.2.0.6
Oracle, Oracle10g Database Server Release 1, 10.1.0.2
Oracle, Oracle10g Database Server Release 1, 10.1.0.3
Oracle, Oracle10g Database Server Release 1, 10.1.0.4

Reference 1:


http://www.securityfocus.com/archive/1/archive/1/482918/100/100/threaded

Reference 2:


http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html

Acknowledgements:


This vulnerability was discovered by Team SHATTER.
