SAINT CorporationSAINT:23DAA73EA5B8B9AD8B1CFE67B06ECFF8Oracle Secure Backup Administration selector parameter command injection
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%
Added: 11/19/2010
CVE: CVE-2010-0906
BID: 41597
OSVDB: 67128
Background
Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.
Problem
A command injection vulnerability allows remote, authenticated attackers to execute arbitrary commands specified in the **selector[0]** parameter in a request for **index.php**.
Resolution
Apply the Critical Patch Update for July 2010.
References
<http://www.zerodayinitiative.com/advisories/ZDI-10-121/>
Limitations
Exploit works on Oracle Secure Backup 10.3.0.1.0.
A valid login and password for Oracle Secure Backup Administration Server is required.
The binary ‘smbclient’ must be available to the script.
The target must be able to access the specified SMB share anonymously.
A valid login and password with write permission for the specified SMB share are required.
The target Oracle Secure Backup Administration Server must be configured to listen on the HTTP port (80/TCP).
Platforms
Windows
Related
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%