漏洞信息详情
Oracle OTRCREP Oracle Home环境变量缓冲区溢出漏洞
- CNNVD编号:CNNVD-200112-023
- 危害等级: 高危
- CVE编号: CVE-2001-0833
- 漏洞类型: 缓冲区溢出
- 发布时间: 2001-12-06
- 威胁类型: 本地
- 更新时间: 2005-10-12
- 厂 商: oracle
- 漏洞来源: This vulnerability...
漏洞简介
Oracle 8.0.x到9.0.1版本的otrcrep存在缓冲区溢出漏洞。本地用户借助超长ORACLE_HOME环境变量执行任意代码,也称为“Oracle踪迹收集安全漏洞”。
漏洞公告
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
参考网址
来源: otn.oracle.com 链接:http://otn.oracle.com/deploy/security/pdf/otrcrep.pdf 来源: BUGTRAQ 名称: 20011023 FW: ASI Oracle Security Alert: 3 new security alerts 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=100386756715645&w=2 来源: XF 名称: oracle-binary-symlink(6940) 链接:http://xforce.iss.net/static/6940.php 来源: BID 名称: 3139 链接:http://www.securityfocus.com/bid/3139 来源: CIAC 名称: M-011 链接:http://www.ciac.org/ciac/bulletins/m-011.sHTML 来源: BUGTRAQ 名称: 20011024 Oracle Trace Collection Security Vulnerability 链接:http://online.securityfocus.com/archive/1/222612 来源: BUGTRAQ 名称: 20010802 vulnerability in otrcrep binary in Oracle 8.0.5. 链接:http://online.securityfocus.com/archive/1/201295
受影响实体
- Oracle Database_server:9.0.1
- Oracle Database_server:8.1
- Oracle Database_server:8.0
补丁
暂无
评论