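- The Oracle Critical Patch Update (CPU) is the primary means by which Oracle releases multiple security patches for its products
- Because damage is expected from related exploit code appearing after the Oracle CPU release, patching the multiple vulnerabilities in Oracle products is recommended
Description
- The April 2013 Oracle CPU released patches for 128 security vulnerabilities in Oracle's own products
- Vulnerabilities exist that can affect the availability and confidentiality/integrity of the DB, including vulnerabilities that may be exploited to attack vulnerable servers through remote and local attacks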
Affected systems (product family in parentheses)
- Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3 (Database)
- Oracle Database 11g Release 1, version 11.1.0.7 (Database)
- Oracle Database 10g Release 2, versions 10.2.0.4, 10.2.0.5 (Database)
- Oracle Application Express, versions prior to 4.2.1 (Database)
- Oracle Containers for J2EE, version 10.1.3.5 (Fusion Middleware)
- Oracle COREid Access, version 10.1.4.3 (Fusion Middleware)
- Oracle GoldenGate Veridata, version 3.0.0.11 (Fusion Middleware)
- Oracle HTTP Server, versions 10.1.3.5.0, 11.1.1.5.0, 11.1.1.6.0 (Fusion Middleware)
- Oracle JRockit, versions R27.7.4 and earlier, R28.2.6 and earlier (Fusion Middleware)
- Oracle Outside In Technology, versions 8.3.7, 8.4.0 (Fusion Middleware)
- Oracle WebCenter Capture, version 10.1.3.5.1 (Fusion Middleware)
- Oracle WebCenter Content, versions 10.1.3.5.1, 11.1.1.6.0 (Fusion Middleware)
- Oracle WebCenter Interaction, versions 6.5.1, 10.3.3.0 (Fusion Middleware)
- Oracle WebCenter Sites, versions 7.6.2, 11.1.1.6.0, 11.1.1.6.1 (Fusion Middleware)
- Oracle WebLogic Server, versions 10.0.2, 10.3.5, 10.3.6, 12.1.1 (Fusion Middleware)
- Oracle Web Services Manager, version 11.1.1.6 (Fusion Middleware)
- Oracle E-Business Suite Release 12i, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3 (E-Business Suite)
- Oracle E-Business Suite Release 11i, version 11.5.10.2 (E-Business Suite)
- Oracle Agile EDM, versions 6.1.1.0, 6.1.2.0, 6.1.2.2 (Supply Chain)
- Oracle Transportation Management, versions 5.5.05, 6.2 (Supply Chain)
- Oracle PeopleSoft HRMS, version 9.1 (PeopleSoft)
- Oracle PeopleSoft PeopleTools, versions 8.51, 8.52, 8.53 (PeopleSoft)
- Oracle Siebel CRM, versions 8.1.1, 8.2.2 (Siebel)
- Oracle Clinical Remote Data Capture Option, versions 4.6.0, 4.6.6 (Health Sciences)
- Oracle Retail Central Office, versions 13.1, 13.2, 13.3, 13.4 (Retail)
- Oracle Retail Integration Bus, versions 13.0, 13.1, 13.2 (Retail)
- Oracle FLEXCUBE Direct Banking, versions 2.8.0 - 12.0.1 (Oracle FLEXCUBE)
- Primavera P6 Enterprise Project Portfolio Management, versions 7.0, 8.1, 8.2 (Primavera)
- Oracle and Sun Systems Product Suite (Oracle and Sun Systems Product Suite)
- Oracle Sun Middleware Products (Fusion Middleware)
- Oracle MySQL Server, versions 5.1, 5.5, 5.6 (Oracle MySQL Product Suite)
- Oracle Automatic Service Request, versions prior to 4.3.2
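Remediation
- As the remediation, review the "Oracle Critical Patch Update Advisory - April 2013" document and apply the patches after consultation and review with the vendor and the maintenance provider [1]
[References]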
[1] http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Original: http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=2128