Probleme ne Oracle servers
CERT® Coordination Center has warned of multiple
security problems -mainly buffer overflow problems- in Oracle9i Application Server, Oracle9i Database and Oracle8i Database.
The security implications of these problems is critical, as they could be exploited by an attacker to read, modify, or delete the information stored in Oracle databases. They could also allow denial of services, and the execution of arbitrary code in the server.
All users of systems that could be affected(*) are advised to apply the corresponding patches. Until then, CERT® Coordination Center recommends users to run Oracle services with the least privileges, remove those that are unnecessary and restrict network access to Oracle services.
Further information is available from the CERT® Coordination Center advisory, at: http://www.cert.org/advisories/CA-2003-05.html
(*) Systems affected:
- Oracle9i Database (Release 1 and 2)
- Oracle8i Database v 8.1.7
- Oracle8 Database v 8.0.6
- Oracle9i Application Server (Release 9.0.2 and 9.0.3)
----------------------------
cheers
CERT® Coordination Center has warned of multiple
security problems -mainly buffer overflow problems- in Oracle9i Application Server, Oracle9i Database and Oracle8i Database.
The security implications of these problems is critical, as they could be exploited by an attacker to read, modify, or delete the information stored in Oracle databases. They could also allow denial of services, and the execution of arbitrary code in the server.
All users of systems that could be affected(*) are advised to apply the corresponding patches. Until then, CERT® Coordination Center recommends users to run Oracle services with the least privileges, remove those that are unnecessary and restrict network access to Oracle services.
Further information is available from the CERT® Coordination Center advisory, at: http://www.cert.org/advisories/CA-2003-05.html
(*) Systems affected:
- Oracle9i Database (Release 1 and 2)
- Oracle8i Database v 8.1.7
- Oracle8 Database v 8.0.6
- Oracle9i Application Server (Release 9.0.2 and 9.0.3)
----------------------------
cheers