CERTVU:472148Oracle Reports arbitrary file writing vulnerability
0.933 High
EPSS
Percentile
99.1%
Overview
Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to overwrite arbitrary files on the Reports Server.
Description
Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. It is a component of Oracle Application Server and the Oracle Developer Suite. Oracle Reports are accessible over a network via a URI. Improper validation on the desname URI parameter may allow a remote attacker to overwrite or create arbitrary files on the server where the Oracle Reports service is installed.
Based on research into public information, we believe that this issue is Oracle vuln# REP06 in the Oracle CPU for January 2006. However, there is not sufficient information to authoritatively relate Oracle vulnerability information to information provided by other parties.
Impact
By sending a specially crafted URI to Oracle Reports, a remote attacker may be able to overwrite files on the server with the privileges of the Oracle Reports process. Depending on which file was created or overwritten, this could allow the attacker to gain elevated privileges or a cause a denial-of-service condition on the system.
Solution
Apply patches
This issue is corrected in the Oracle Critical Patch Update for January 2006.
Restrict Access to Reports Server
Allowing only trusted users access to Oracle Reports may reduce the chances of exploitation.
Vendor Information
472148
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Oracle Corporation __ Affected
Updated: January 19, 2006
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see <http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html> and <http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23472148 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html>
- <http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html>
- <http://secunia.com/advisories/16092/>
- <http://www.securityfocus.com/bid/14309>
- <http://securitytracker.com/id?1014524>
- <http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html>
Acknowledgements
This document is based on information provided by Alexander Kornbrust.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | CVE-2005-2371 |
|---|---|
| Severity Metric: | 12.78 Date Public: |
References
Related
