| CNNVD-ID编号 | CNNVD-200610-274 | CVE编号 | CVE-2006-5335 |
| 发布时间 | 2006-10-17 | 更新时间 | 2006-10-30 |
| 漏洞类型 | SQL注入 | 漏洞来源 | Oracle credits the following people with the discovery of these vulnerabilities: Johannes Fahrenkrug; Sacha Faust of S.P.I. Dynamics, Inc.; Esteban Martinez Fayo of Application Security, Inc.; Alexander Kornbrust of Red Database Security GmbH; David Litch |
| 危险等级 | 超危 | 威胁类型 | 远程 |
| 厂商 | oracle | ||
OOracle Database 10.1.0.5和10.2.0.2中存在多个不明漏洞,具有未知的影响和不明远程认证攻击向量,它们与(1)Vuln# DB04和(a)Change Data Capture(CDC)组件中的sys.dbms_cdc_impdp;2)Vuln# DB07,CDC的sys.dbms_cdc_isubscribe中的(3)DB08和(4)DB16;以及(b)Oracle Spatial组件的(5)mdsys.sdo_geor_int相关。
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
Oracle HTML DB 1.5
Oracle apex_2.2.1.zip
http://www.oracle.com/technology/software/htdocs/devlic.html?url=
http: //download.oracle.com/otn/java/appexpress/apex_2.2.1.zip
Oracle HTML DB 1.6.1
Oracle apex_2.2.1.zip
http://www.oracle.com/technology/software/htdocs/devlic.html?url=
http: //download.oracle.com/otn/java/appexpress/apex_2.2.1.zip
Oracle HTML DB 2.0
Oracle apex_2.2.1.zip
http://www.oracle.com/technology/software/htdocs/devlic.html?url=
http: //download.oracle.com/otn/java/appexpress/apex_2.2.1.zip
来源: TA06-291A
名称: TA06-291A
来源: VU#736324
名称: VU#736324
来源: BID
名称: 20588
来源: www.oracle.com
链接:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html
来源: VUPEN
名称: ADV-2006-4065
来源: BUGTRAQ
名称: 20061018 Analysis of the Oracle October 2006 Critical Patch Update
链接:http://www.securityfocus.com/archive/1/archive/1/449110/100/0/threaded
来源: MISC
链接:http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html
来源: MISC
链接:http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
来源: SECTRACK
名称: 1017077
来源: SECUNIA
名称: 22396
来源: HP
名称: HPSBMA02133
链接:http://www.securityfocus.com/archive/1/archive/1/449711/100/0/threaded
计算
安全
数据库
网络和加速
企业服务
