| Ãë¾àÁ¡ID |
25043 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
1521, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
DB |
| »ó¼¼¼³¸í |
Oracle µ¥ÀÌÅͺ£À̽º ¼¹öÀÇ ¹öÀü¿¡ µû¸£¸é ÇØ´ç ¼¹ö¿¡´Â ´ÙÁßÀÇ Ãë¾àÁ¡µéÀÌ Á¸ÀçÇÑ´Ù. Oracle Database ±×¸®°í Application ¼¹öµé ±×¸®°í Oracle Collaboration Suite´Â µ¥ÀÌÅÍ Á¶ÀÛ ¹× Á¤º¸ ȹµæÀÌ °¡´ÉÇÑ ´ÙÁßÀÇ Ãë¾àÁ¡µé¿¡ Ãë¾àÇÏ´Ù. ¸î¸î ¹®Á¦Á¡µéÀº Àΰ¡¹ÞÁö ¾ÊÀº ¿ø°ÝÁöÀÇ °ø°ÝÀÚµéÀÌ Æ¯Á¤ ȯ°æ ÇÏ¿¡¼ ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇϰųª ¼ºñ½º °ÅºÎ¸¦ ÀÏÀ¸Å³ ¼ö ÀÖ°Ô ÇØ ÁÙ ¼ö ÀÖ´Ù.
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç Oracle µ¥ÀÌÅͺ£À̽º ¼¹öÀÇ ¹öÀü Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.oracle.com/technetwork/topics/security/cpu-jan-2005-advisory-129526.pdf
http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0626.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0042.html
http://secunia.com/advisories/13862/
http://www.integrigy.com/alerts/OraCPU0105.htm
http://www.integrigy.com/alerts/ReportsServer_APPS_Disclosure.htm
http://www.petefinnigan.com/directory_traversal.pdf
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Oracle Corporation, Oracle Collaboration Suite Release 2 9.0.4.2
Oracle Corporation, Oracle10g Application Server 9.0.4
Oracle Corporation, Oracle10g Application Server 9.0.4.0
Oracle Corporation, Oracle10g Application Server 9.0.4.1
Oracle Corporation, Oracle10g Application Server Release 2 10.1.2
Oracle Corporation, Oracle10g Database Server Release 1 10.1.0.2
Oracle Corporation, Oracle10g Database Server Release 1 10.1.0.3
Oracle Corporation, Oracle10g Database Server Release 1 10.1.0.3.1
Oracle Corporation, Oracle8i Database Server 8.0.6
Oracle Corporation, Oracle8i Database Server 8.0.6.3
Oracle Corporation, Oracle8i Database Server Release 3 8.1.7.4
Oracle Corporation, Oracle9i Application Server Release 1 1.0.2.2
Oracle Corporation, Oracle9i Application Server Release 2 9.0.2.3
Oracle Corporation, Oracle9i Application Server Release 2 9.0.3.1
Oracle Corporation, Oracle9i Database Server Release 1 9.0.1.4
Oracle Corporation, Oracle9i Database Server Release 1 9.0.1.5
Oracle Corporation, Oracle9i Database Server Release 1 9.0.4
Oracle Corporation, Oracle9i Database Server Release 2 9.2.0.4
Oracle Corporation, Oracle9i Database Server Release 2 9.2.0.5
Oracle Corporation, Oracle9i Database Server Release 2 9.2.0.6
Microsoft Windows Any version
Linux Any version
Unix Any version |
| ÇØ°áÃ¥ |
Oracle »ç´Â ÀÌ ¹®Á¦µéÀ» ÇØ°áÇÒ ¼ö ÀÖ´Â Critical Patch Update¸¦ ³»³õ¾Ò´Ù. ÀûÀýÇÑ ÆÐÄ¡ ȹµæ ¹× Àû¿ë¿¡ °üÇÑ Á¤º¸´Â ´ÙÀ½ 2005³â 1¿ù Oracle Critical Patch Update¿¡¼ ãÀ» ¼ö ÀÖ´Ù:
http://www.oracle.com/technetwork/topics/security/cpu-jan-2005-advisory-129526.pdf |
| °ü·Ã URL |
CVE-2005-0298,CVE-2004-1364,CVE-2004-0637,CVE-2004-0638,CVE-2004-0200,CVE-2005-0297,CVE-2005-0298,CVE-2005-0701 (CVE) |
| °ü·Ã URL |
12301,10871,11120,11099,11100,11091,12296 (SecurityFocus) |
| °ü·Ã URL |
18953,18957,18958,18959,18960,18961,18962,18963,18964,18965 (ISS) |
|
