Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:4337DB13D77053A2E789E2E2C6F91349
HistoryJun 22, 2009 - 12:00 a.m.

Oracle Secure Backup login.php ora_osb_lcookie command execution

2009-06-2200:00:00
SAINT Corporation
www.saintcorporation.com
15

0.026 Low

EPSS

Percentile

89.1%

JSON

Added: 06/22/2009
CVE: CVE-2008-4006
BID: 33177
OSVDB: 51343

Background

Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.

Problem

A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary commands specified in the **ora_osb_lcookie** parameter in an HTTP request for **login.php**.

Resolution

Apply the patch referenced in the Oracle Critical Patch Update for January 2009.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=768&gt;

Limitations

Exploit works on Oracle Secure Backup 10.1.0.3.

When exploiting Windows targets, SAINTexploit must be able to bind to port 69/UDP.

When exploiting Linux targets, the “nc” utility must be installed on the target platform.

The IO-Socket-SSL PERL module is required for this exploit to run. This module is available from <http://www.cpan.org/modules/by-module/IO/&gt;.

Platforms

Windows
Linux

Related

saint 3
prion 1
securityvulns 2
cve 1
nessus 1
checkpoint_advisories 1
openvas 2
oracle 1
saint
saint
Oracle Secure Backup login.php ora_osb_lcookie command execution
2009-06-22 00:00:00
Oracle Secure Backup login.php ora_osb_lcookie command execution
2009-06-22 00:00:00
Oracle Secure Backup login.php ora_osb_lcookie command execution
2009-06-22 00:00:00
prion
prion
Design/Logic Flaw
2009-01-14 01:30:00
securityvulns
securityvulns
iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability
2009-01-16 00:00:00
Oracle applications multiple security vulnerabilities
2009-12-15 00:00:00
cve
cve
CVE-2008-4006
2009-01-14 01:30:00
nessus
nessus
Oracle Secure Backup Administration Server login.php Arbitrary Command Injection
2009-01-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Secure Backup Multiple Command Injections (CVE-2008-4006; CVE-2008-5448; CVE-2008-5449)
2009-02-23 00:00:00
openvas
openvas
Ubuntu USN-708-1 (hplip)
2009-01-20 00:00:00
Ubuntu USN-707-1 (cupsys)
2009-06-05 00:00:00
oracle
oracle
CPU Jan 2009
2009-01-13 00:00:00

0.026 Low

EPSS

Percentile

89.1%

JSON
Related for SAINT:4337DB13D77053A2E789E2E2C6F91349
saint3prion1securityvulns2cve1nessus1checkpoint_advisories1openvas2oracle1