SAINT Corporation, SAINT:462192DDE591EDC5B98F0E7B647A2C4A
Dec 06, 2010 - 12:00 a.m.

Oracle Secure Backup Administration preauth variable command injection

2010-12-06 00:00:00
SAINT Corporation
my.saintcorporation.com
CVSS2: 9 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.972 High
Percentile: 99.8%

Added: 12/06/2010
CVE: CVE-2010-0906
BID: 41597
OSVDB: 67128

Background

Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.

Problem

A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are specified within a specially crafted **preauth** parameter.

Resolution

Apply the Critical Patch Update for July 2010.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-122/>

Limitations

Exploit works on Oracle Secure Backup 10.3.0.1.0 and requires a valid user and password for Oracle Secure Backup Administration Server.

The exploit requires the ‘smbclient’ program.

The target must be able to access the specified SMB share anonymously.

Valid SMB user credentials with the writable permission to the specified SMB share are required.

This exploit requires the IO::Socket::SSL Perl module.

Platforms

Windows
