BUGTRAQ ID: 31738
CNCAN ID:CNCAN-2008101405
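Oracle Database Server is a large enterprise-grade database server.
Oracle Database Server has a flaw in how it handles the 'CREATE ANY DIRECTORY' user privilege; a remote attacker can exploit the vulnerability to obtain SYSDBA privileges.
Through UTL_DIR, a known binary password file can be used to directly overwrite the hidden binary file, so that a low-privileged user who holds CREATE ANY DIRECTORY gains SYSDBA privileges.
The following link provides some analysis (currently unreachable):
http://www.oracleforensics.com/wordpress/index.php/2008/10/10/create-any-directory-to-sysdba/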
Oracle Oracle11g Standard Edition One 11.1 6
Oracle Oracle11g Standard Edition 11.1 6
Oracle Oracle11g Enterprise Edition 11.1 6
Oracle Oracle10g Standard Edition 10.2 .3
Oracle Oracle10g Standard Edition 10.2 .2
Oracle Oracle10g Standard Edition 10.2 .1
Oracle Oracle10g Standard Edition 10.1 .5
Oracle Oracle10g Standard Edition 10.1 .4.2
Oracle Oracle10g Standard Edition 10.1 .4
Oracle Oracle10g Standard Edition 10.1 .0.5
Oracle Oracle10g Standard Edition 10.1 .0.4
Oracle Oracle10g Standard Edition 10.1 .0.3.1
Oracle Oracle10g Standard Edition 10.1 .0.3
Oracle Oracle10g Standard Edition 10.1 .0.2
Oracle Oracle10g Standard Edition 10.2.0.4
Oracle Oracle10g Standard Edition 10.2
Oracle Oracle10g Personal Edition 10.2 .3
Oracle Oracle10g Personal Edition 10.2 .2
Oracle Oracle10g Personal Edition 10.2 .1
Oracle Oracle10g Personal Edition 10.1 .5
Oracle Oracle10g Personal Edition 10.1 .4
Oracle Oracle10g Personal Edition 10.1 .0.4
Oracle Oracle10g Personal Edition 10.1 .0.3.1
Oracle Oracle10g Personal Edition 10.1 .0.3
Oracle Oracle10g Personal Edition 10.1 .0.2
Oracle Oracle10g Personal Edition 10.2.0.4
Oracle Oracle10g Personal Edition 10.2
Oracle Oracle10g Enterprise Edition 10.2 .3
Oracle Oracle10g Enterprise Edition 10.2 .2
Oracle Oracle10g Enterprise Edition 10.2 .1
Oracle Oracle10g Enterprise Edition 10.1 .5
Oracle Oracle10g Enterprise Edition 10.1 .4.2
Oracle Oracle10g Enterprise Edition 10.1 .4
Oracle Oracle10g Enterprise Edition 10.1 .0.4
Oracle Oracle10g Enterprise Edition 10.1 .0.3.1
Oracle Oracle10g Enterprise Edition 10.1 .0.3
Oracle Oracle10g Enterprise Edition 10.1 .0.2
Oracle Oracle10g Enterprise Edition 10.2.0.4
Oracle Oracle10g Enterprise Edition 10.2.0.2 64 bit
Oracle Oracle10g Enterprise Edition 10.2
Oracle Oracle10g Application Server 10.1.3 .4.0
Oracle Oracle10g Application Server 10.1.3 .3.0
Oracle Oracle10g Application Server 10.1.3 .2.0
Oracle Oracle10g Application Server 10.1.3 .1.0
Oracle Oracle10g Application Server 10.1.3 .0.0
Oracle Oracle10g Application Server 10.1.2 .2.0
Oracle Oracle10g Application Server 10.1.2 .1.0
Oracle Oracle10g Application Server 10.1.2 .0.2
Oracle Oracle10g Application Server 10.1.2 .0.1
Oracle Oracle10g Application Server 10.1.2
Oracle Oracle10g Application Server 10.1 .5
Oracle Oracle10g Application Server 10.1 .0.4
Oracle Oracle10g Application Server 10.1 .0.3.1
Oracle Oracle10g Application Server 10.1 .0.3
Oracle Oracle10g Application Server 10.1 .0.2
Oracle Oracle10g Application Server 10.1.2.3.0
No solution is currently available:
http://www.oracle.com/index.html
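Because the issue depends on who holds CREATE ANY DIRECTORY, a DBA can review exposure with the audit queries below. This is an added example, not part of the original advisory; it assumes a DBA session with access to the standard data dictionary views, and `<grantee>` is a placeholder.

```sql
-- Added audit example (not from the advisory). Run as a DBA on the instance under review.

-- 1. Accounts and roles that hold CREATE ANY DIRECTORY, directly or through nested roles.
SELECT grantee, 'DIRECT' AS granted_how, NULL AS via_role
FROM   dba_sys_privs
WHERE  privilege = 'CREATE ANY DIRECTORY'
UNION
SELECT rp.grantee, 'ROLE', rp.granted_role
FROM   dba_role_privs rp
START WITH rp.granted_role IN (SELECT grantee
                               FROM   dba_sys_privs
                               WHERE  privilege = 'CREATE ANY DIRECTORY')
CONNECT BY PRIOR rp.grantee = rp.granted_role
ORDER BY 1;

-- 2. Existing directory objects, their OS paths, and who can read or write through them.
--    Review any path that resolves to where the instance keeps its password file
--    (by default $ORACLE_HOME/dbs on Unix, %ORACLE_HOME%\database on Windows).
SELECT d.directory_name, d.directory_path, tp.grantee, tp.privilege
FROM   dba_directories d
LEFT JOIN dba_tab_privs tp
       ON tp.table_name = d.directory_name
      AND tp.privilege IN ('READ', 'WRITE')
ORDER BY d.directory_path, tp.grantee;

-- 3. Baseline of accounts currently listed in the password file.
--    An entry nobody granted is a sign the file has been replaced.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
ORDER BY username;

-- 4. Accounts that can call the file I/O package at all.
SELECT grantee, privilege
FROM   dba_tab_privs
WHERE  table_name = 'UTL_FILE'
ORDER BY grantee;

-- Mitigation while no fix is available: remove the privilege from accounts
-- that do not need it (placeholder grantee).
-- REVOKE CREATE ANY DIRECTORY FROM <grantee>;
```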