受影響系統:
Oracle Database 10gR1
描述:
Oracle是一款大型的商業數據庫系統。
Oracle的DBMS_SNAPSHOT_UTL軟件包可管理具體的視圖。這個軟件包中的公開過程VERIFY_LOG中存在緩沖區溢出漏洞,成功的攻擊可導致執行任意代碼或拒絕服務。
默認下DBMS_SNAPSHOT_UTL對PUBLIC具有EXECUTE權限,因此任何Oracle數據庫用戶都可以利用這個漏洞。請注意盡管2006年4月的緊急補丁更新提到了這個bug,但Oracle仍沒有為大多數平台發布補丁。
<*來源:Esteban Martínez Fayó ([email protected]) 鏈接:http://marc.theaimsgroup.com/?l=bugtraq&m=114557615729202&w=2 http://www.us-cert.gov/cas/techalerts/TA06-109A.html http://www.Oracle.com/technology/deploy/security/pdf/cpuapr2006.Html?_template=/ocom/technology/cont *> >
* 限制對DBMS_SNAPSHOT_UTL軟件包的訪問:
-- WARNING: This workaround may cause your application to work incorrectly
-- if it depends (directly or indirectly) on any of the affected database objects.
-- REVOKE_EXECUTE_PRIV: This procedure revokes all the EXECUTE privileges granted
-- to the database object identifIEd by the parameters P_OWNER and P_OBJECT_NAME.
CREATE OR REPLACE PROCEDURE REVOKE_EXECUTE_PRIV (P_OWNER IN VARCHAR2,
P_OBJECT_NAME IN VARCHAR2) AUTHID CURRENT_USER IS
CURSOR my_cur IS
select grantee from dba_tab_privs where owner = P_OWNER AND TABLE_NAME = P_OBJECT_NAME;
BEGIN
FOR my_rec IN my_cur
LOOP
DBMS_OUTPUT.PUT_LINE ('Revoking EXECUTE privilege from ' my_rec.grantee);
EXECUTE IMMEDIATE 'REVOKE EXECUTE ON ' P_OWNER '.' P_OBJECT_NAME ' FROM ' my_rec.grantee ' FORCE';
END LOOP;
END REVOKE_EXECUTE_PRIV;
/
-- To remove all execute privileges granted on vulnerable objects execute this PL/SQL:
BEGIN
REVOKE_EXECUTE_PRIV ('SYS', 'DBMS_SNAPSHOT_UTL');
END;
/
-- To remove execute privilege granted only to PUBLIC role on vulnerable objects
-- execute this PL/SQL:
REVOKE EXECUTE ON SYS.DBMS_SNAPSHOT_UTL FROM PUBLIC FORCE;
廠商補丁:
Oracle
目前廠商還沒有提供補丁或者升級程序,我們建議使用此軟件的用戶隨時關注廠商的主頁以獲取最新版本:
http://www.Oracle.com
