Database software "Oracle8i" has security vulnerabilities

Source: Internet
Author: User
A few days ago, Network Associates (US), the US CERT/CC and Oracle issued a warning that the database software "Oracle8i" has a security vulnerability. If this vulnerability is exploited maliciously, arbitrary code could be executed remotely on the database server and control of the server could be seized. Oracle has released a patch, which server administrators must apply as soon as possible.
  
The vulnerability occurs because the Oracle8i TNS (Transparent Network Substrate) Listener (see note) uses an unchecked buffer. As a result, a request sent to the listener risks causing a buffer overflow or the execution of arbitrary code. Such code may be executed with the privileges of the TNS Listener. Because the buffer overflow occurs before the user authenticates, the attacker does not need to enter a user ID and password.
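
The bug class described above, as an added example that is not Oracle's code and not from the original page: a request handler that copies a network-supplied field into a fixed buffer before any login, first without and then with length checks. The request layout, buffer size, function names and sample requests are all assumptions made for illustration; the real TNS wire format is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request layout, NOT the real TNS wire format:
 *   bytes 0-1  big-endian length of the command string
 *   bytes 2..  command string
 * Both handlers run before any login, like the listener's request parsing. */
#define CMD_BUF_SIZE 64  /* assumed size of the fixed buffer */

/* BEFORE: trusts the length field supplied by the unauthenticated peer. */
int handle_request_unchecked(const uint8_t *pkt, size_t pkt_len)
{
    char cmd[CMD_BUF_SIZE];
    size_t claimed = ((size_t)pkt[0] << 8) | pkt[1];
    (void)pkt_len;                  /* never consulted: that is the defect */
    memcpy(cmd, pkt + 2, claimed);  /* overflows cmd when claimed > 64 */
    cmd[claimed] = '\0';            /* out of bounds when claimed >= 64 */
    return (int)strlen(cmd);
}

/* AFTER: every length is validated before the copy. */
int handle_request_checked(const uint8_t *pkt, size_t pkt_len)
{
    char cmd[CMD_BUF_SIZE];
    if (pkt == NULL || pkt_len < 2)
        return -1;                  /* header incomplete */
    size_t claimed = ((size_t)pkt[0] << 8) | pkt[1];
    if (claimed > pkt_len - 2)
        return -1;                  /* claims more bytes than were received */
    if (claimed >= sizeof cmd)
        return -1;                  /* would not fit with the terminator */
    memcpy(cmd, pkt + 2, claimed);
    cmd[claimed] = '\0';
    return (int)strlen(cmd);
}

/* Constructed sample requests. */
static const uint8_t REQ_OK[]  = { 0x00, 0x06, 'S', 'T', 'A', 'T', 'U', 'S' };
static const uint8_t REQ_LIE[] = { 0x01, 0x00, 'A', 'A', 'A', 'A' }; /* claims 256, carries 4 */
static const uint8_t REQ_BIG[2 + 100] = { 0x00, 0x64 };              /* 100 bytes > buffer */

int main(void)
{
    printf("ok, unchecked: %d\n", handle_request_unchecked(REQ_OK, sizeof REQ_OK));
    printf("ok, checked:   %d\n", handle_request_checked(REQ_OK, sizeof REQ_OK));
    printf("lie, checked:  %d\n", handle_request_checked(REQ_LIE, sizeof REQ_LIE));
    printf("big, checked:  %d\n", handle_request_checked(REQ_BIG, sizeof REQ_BIG));
    return 0;
}
```

The unchecked handler is only ever called with the well-formed request; the two malformed requests are passed to the checked handler alone, which rejects both.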
  
The privileges under which the TNS Listener runs vary by platform, so the impact of the vulnerability varies as well. On UNIX systems, the attacker's code can be executed with the privileges of the Oracle user. On Windows systems, it can be executed in the "Local System" security context. An attacker may be able to seize control of the database on either kind of system, but the situation may be more severe on Windows, because the attacker may also be able to obtain OS administrator privileges.
  
The patch released by Oracle (US) can be downloaded from the company's support services website "Metalink" (http://metalink.oracle.com). The patch number is "1489683".
  
Note: The TNS Listener is the program that responds to client requests and establishes connections. By default, it waits for requests on TCP port 1521.


