Oracle OJVM 安全漏洞(CVE-2017-10202)

微信公众号:云库管    www.yunDBA.com

北京云库管科技有限公司 (内部培训资料) 返回上级

 

 

 


   
Oracle Database Server OJVM 本地安全漏洞(CVE-2017-10202)

1/1

100%

1

受影响主机

详细描述

Oracle Database Server是一个对象一关系数据库管理系统。它提供开放的、全面的、和集成的信息管理方法。 Oracle Database Server 11.2.0.4, 12.1.0.2, 12.2.0.1版本中,OJVM 组件存在安全漏洞,本地用户利用此漏洞可影响机密性。 <*来源:Oracle 链接:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html *>

解决办法

厂商补丁: Oracle ------ Oracle已经为此发布了一个安全公告(cpujul2017-3236622)以及相应补丁: cpujul2017-3236622 Oracle Critical Patch Update Advisory - July 2017 链接:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

威胁分值

9.9

危险插件

发现日期

2017-08-08

CVE编号

CVE-2017-10202

BUGTRAQ

99865

CNNVD编号

CNNVD-201707-1013

CNCVE编号

CNCVE-201710202

CVSS评分

6.5

 

 

进入oracle metalink官网

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

 

 

 

 

 

修复时间:

11.2.0.4.170718   Patch 26182425   for Microsoft Windows

即该补丁集已修复了此漏洞。

 

对比WINDOWS ORACLE JAVAVM COMPONENT BUNDLE PATCH

低版本补丁集PSU  Patch 26182425   for Microsoft Windows                   --2017.7发布

高版本补丁集PSU  11.2.0.4.181016  Patch 28412269                            --181016发布

 

结论:

低版本 PSU 补丁集 Patch 26182425 里所包含的小补丁已被包含到了此高版本补丁集PSU11.2.0.4.181016 Patch 28412269)当中,说明CVE在此高版本补丁集PSU版本已解决。

注: ORACLE补丁集原理:补丁集发布是累积的。即高版本补丁集包含低版本补丁集里的内容。

 

对比过程:

 

Bugs Resolved by This Patch

 

14774730

Fix for Bug 14774730

17056813

Fix for Bug 17056813

17201047

Fix for Bug 17201047

17285560

Fix for Bug 17285560

17528315

ORA-29532 ON JAVAMAIL API AFTER UPGRADE TO 11.2.0.4

17804361

SET COLLECTION TYPE AS A BIND VARIABLE IS VERY SLOW AFTER UPGRADE TO 11.2.0.4

18166577

JAVA STORED PROCEDURE FAILS WITH ORA-29532 IN 11.2.0.4

18458318

LOW QUALITY FONT IMAGE FILE CREATED USING JAVA CLASS AFTER UPGRADE TO 11.2.0.4

18726772

EXCESSIVE PGA USAGE WHEN CALLING UTL_DBWS REPEATEDLY

18933818

ORA-29532: JAVA CALL TERMINATED BY UNCAUGHT JAVA EXCEPTION: JAVA.LANG.ILLEGALMON

Open Readme to View all Bugs

 

View Related Knowledge to this Patch

 

 

Patch 28412269 --2018.10.16发布: 本数据库的已打补丁集

Patch  28412269     : applied on Fri Sep 20 19:54:54 CST 2019

Unique Patch ID:  22489197

Patch description:  "WINDOWS ORACLE JAVAVM COMPONENT BUNDLE PATCH 11.2.0.4.181016"

   Created on 8 Oct 2018, 16:17:30 hrs PST8PDT

   Bugs fixed:

     26637592, 26023002, 19007266, 21566944, 27642235, 21811517, 19058059

     19852360, 20408829, 18933818, 25076732, 22675136, 25649873, 27461842

     22670385, 19231857, 21047766, 17804361, 18458318, 17285560, 17056813

     18166577, 23727132, 23265914, 28502128, 19374518, 24448240, 25494379

     18726772, 19554117, 19153980, 19909862, 17201047, 17528315, 24534298

     25067795, 19187988, 22118835, 19006757, 21911849, 27952577, 27000663

     19895326, 19176885, 22253904, 14774730, 19223010

   This patch overlays patches:

     28265827

   This patch needs patches:

     28265827

   as prerequisites