Oracle Application Server Forms 'buffered records' Temp File Information Disclosure
2005-07-12T10:29:54
ID OSVDB:18246 Type osvdb Reporter Alexander Kornbrust(ak@red-database-security.com) Modified 2005-07-12T10:29:54
Description
Vulnerability Description
Oracle Application Server contains a flaw in the Oracle Forms componentthat may lead to an unauthorized information disclosure. The issue is triggered when the number of records in a Oracle Forms application retrieved from the database exceeds the parameter "buffered records", and a temp file is created to hold a copy of the database table which will disclose database record information resulting in a loss of confidentiality.
Technical Description
An attacker must supply valid authentication credentials for the server hosting the database in order to exploit this vulnerability.
Solution Description
Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (Critical Patch Update - July 2005) to address this vulnerability.
Short Description
Oracle Application Server contains a flaw in the Oracle Forms componentthat may lead to an unauthorized information disclosure. The issue is triggered when the number of records in a Oracle Forms application retrieved from the database exceeds the parameter "buffered records", and a temp file is created to hold a copy of the database table which will disclose database record information resulting in a loss of confidentiality.
References:
Vendor Specific Advisory URL
Security Tracker: 1014466
Secunia Advisory ID:15991Secunia Advisory ID:16121
Other Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1
Other Advisory URL: http://www.red-database-security.com/advisory/oracle_forms_unsecure_temp_file_handling.html
Other Advisory URL: http://www.us-cert.gov/cas/techalerts/TA04-245A.html
Mail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=112128389427393&w=2
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0216.html
Keyword: AS04
ISS X-Force ID: 21347
Generic Informational URL: http://www.eweek.com/article2/0,1895,1836304,00.asp
CVE-2005-2294
CERT VU: 435974
Bugtraq ID: 14238
{"type": "osvdb", "published": "2005-07-12T10:29:54", "href": "https://vulners.com/osvdb/OSVDB:18246", "bulletinFamily": "software", "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/", "score": 2.1}, "viewCount": 2, "edition": 1, "reporter": "Alexander Kornbrust(ak@red-database-security.com)", "title": "Oracle Application Server Forms 'buffered records' Temp File Information Disclosure", "affectedSoftware": [{"operator": "eq", "version": "6.0.8.25", "name": "Oracle Forms and Reports"}, {"operator": "eq", "version": "4.5.10.22", "name": "Oracle Forms and Reports"}], "enchantments": {"score": {"value": 5.1, "vector": "NONE", "modified": "2017-04-28T13:20:14", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2294"]}, {"type": "nessus", "idList": ["SOLARIS8_118828.NASL", "SOLARIS9_118829.NASL"]}], "modified": "2017-04-28T13:20:14", "rev": 2}, "vulnersScore": 5.1}, "references": [], "id": "OSVDB:18246", "lastseen": "2017-04-28T13:20:14", "cvelist": ["CVE-2005-2294"], "modified": "2005-07-12T10:29:54", "description": "## Vulnerability Description\nOracle Application Server contains a flaw in the Oracle Forms componentthat may lead to an unauthorized information disclosure. The issue is triggered when the number of records in a Oracle Forms application retrieved from the database exceeds the parameter \"buffered records\", and a temp file is created to hold a copy of the database table which will disclose database record information resulting in a loss of confidentiality.\n## Technical Description\nAn attacker must supply valid authentication credentials for the server hosting the database in order to exploit this vulnerability.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (Critical Patch Update - July 2005) to address this vulnerability.\n## Short Description\nOracle Application Server contains a flaw in the Oracle Forms componentthat may lead to an unauthorized information disclosure. The issue is triggered when the number of records in a Oracle Forms application retrieved from the database exceeds the parameter \"buffered records\", and a temp file is created to hold a copy of the database table which will disclose database record information resulting in a loss of confidentiality.\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html)\nSecurity Tracker: 1014466\n[Secunia Advisory ID:15991](https://secuniaresearch.flexerasoftware.com/advisories/15991/)\n[Secunia Advisory ID:16121](https://secuniaresearch.flexerasoftware.com/advisories/16121/)\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1\nOther Advisory URL: http://www.red-database-security.com/advisory/oracle_forms_unsecure_temp_file_handling.html\nOther Advisory URL: http://www.us-cert.gov/cas/techalerts/TA04-245A.html\nMail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=112128389427393&w=2\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0216.html\nKeyword: AS04\nISS X-Force ID: 21347\nGeneric Informational URL: http://www.eweek.com/article2/0,1895,1836304,00.asp\n[CVE-2005-2294](https://vulners.com/cve/CVE-2005-2294)\nCERT VU: 435974\nBugtraq ID: 14238\n"}
{"cve": [{"lastseen": "2021-02-02T05:24:37", "description": "Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.", "edition": 4, "cvss3": {}, "published": "2005-07-18T04:00:00", "title": "CVE-2005-2294", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2294"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:oracle:forms:6i", "cpe:/a:oracle:forms:4.5", "cpe:/a:oracle:forms:9i", "cpe:/a:oracle:forms:6.0"], "id": "CVE-2005-2294", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2294", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:oracle:forms:9i:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:forms:6i:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:forms:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:forms:4.5:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-17T14:01:32", "description": "Sun Management Center 3.5.1: Solaris 9 Oracle Patch.\nDate this patch was last updated by Sun : Jun/02/05", "edition": 22, "published": "2006-11-06T00:00:00", "title": "Solaris 9 (sparc) : 118829-04", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1364", "CVE-2004-1370", "CVE-2005-4884", "CVE-2004-1369", "CVE-2004-1366", "CVE-2005-2294", "CVE-2005-2293", "CVE-2004-1371", "CVE-2005-2292", "CVE-2004-1365", "CVE-2004-1367", "CVE-2004-1363", "CVE-2004-1362", "CVE-2005-2291", "CVE-2004-1368"], "modified": "2006-11-06T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_118829.NASL", "href": "https://www.tenable.com/plugins/nessus/23549", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23549);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-1362\", \"CVE-2004-1363\", \"CVE-2004-1364\", \"CVE-2004-1365\", \"CVE-2004-1366\", \"CVE-2004-1367\", \"CVE-2004-1368\", \"CVE-2004-1369\", \"CVE-2004-1370\", \"CVE-2004-1371\", \"CVE-2005-2291\", \"CVE-2005-2292\", \"CVE-2005-2293\", \"CVE-2005-2294\", \"CVE-2005-4884\");\n\n script_name(english:\"Solaris 9 (sparc) : 118829-04\");\n script_summary(english:\"Check for patch 118829-04\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 118829-04\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sun Management Center 3.5.1: Solaris 9 Oracle Patch.\nDate this patch was last updated by Sun : Jun/02/05\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/118829-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-389\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_cwe_id(22, 119, 200, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"118829-04\", obsoleted_by:\"\", package:\"SUNWesora\", version:\"3.5,REV=2004.03.16\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:01:24", "description": "Sun Management Center 3.5.1: Solaris 8 Oracle Patch.\nDate this patch was last updated by Sun : Jun/02/05", "edition": 22, "published": "2006-11-06T00:00:00", "title": "Solaris 8 (sparc) : 118828-04", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1364", "CVE-2004-1370", "CVE-2005-4884", "CVE-2004-1369", "CVE-2004-1366", "CVE-2005-2294", "CVE-2005-2293", "CVE-2004-1371", "CVE-2005-2292", "CVE-2004-1365", "CVE-2004-1367", "CVE-2004-1363", "CVE-2004-1362", "CVE-2005-2291", "CVE-2004-1368"], "modified": "2006-11-06T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_118828.NASL", "href": "https://www.tenable.com/plugins/nessus/23409", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23409);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-1362\", \"CVE-2004-1363\", \"CVE-2004-1364\", \"CVE-2004-1365\", \"CVE-2004-1366\", \"CVE-2004-1367\", \"CVE-2004-1368\", \"CVE-2004-1369\", \"CVE-2004-1370\", \"CVE-2004-1371\", \"CVE-2005-2291\", \"CVE-2005-2292\", \"CVE-2005-2293\", \"CVE-2005-2294\", \"CVE-2005-4884\");\n\n script_name(english:\"Solaris 8 (sparc) : 118828-04\");\n script_summary(english:\"Check for patch 118828-04\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 118828-04\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sun Management Center 3.5.1: Solaris 8 Oracle Patch.\nDate this patch was last updated by Sun : Jun/02/05\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/118828-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-389\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_cwe_id(22, 119, 200, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"118828-04\", obsoleted_by:\"\", package:\"SUNWesora\", version:\"3.5,REV=2004.03.16\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}
