
Oracle Secure Backup login.php rbtool command injection

2009-01-20 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.975 High (percentile 100.0%)

Added: 01/20/2009
CVE: CVE-2008-5448
BID: 33177
OSVDB: 51342

Background

Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.

Problem

A command injection vulnerability in the Oracle Secure Backup web interface allows a remote attacker to execute arbitrary commands specified in the **rbtool** parameter in an HTTP request for the **login.php** script.
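One way to spot attempts against this weakness in web-server access logs, as an added example that is not part of the SAINT record or of Oracle's own code: parse each request line, and flag any request for login.php whose rbtool query value carries shell metacharacters. The log format, the metacharacter set and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Shell metacharacters that a legitimate rbtool value should never contain.
# Assumption: valid values are plain tokens; widen the set for your deployment.
SHELL_META = re.compile(r"[;|&`$<>\n\r]")

# Apache/nginx "combined"-style access log line (assumed log format).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def check_request(target):
    """Return a finding for a login.php request whose rbtool value carries
    shell metacharacters, or None. Only the query string is inspected: a
    parameter sent in a POST body is not in an access log and needs a WAF
    or proxy capture instead."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/login.php"):
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get("rbtool", []):
        decoded = unquote(value)          # second pass catches double-encoding
        if SHELL_META.search(decoded):
            return {"path": parts.path, "rbtool": decoded}
    return None

def scan_log(lines):
    """Run check_request over raw access-log lines; return the findings."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        src, ts, method, target, status = m.groups()
        finding = check_request(target)
        if finding:
            finding.update(src=src, time=ts, method=method, status=int(status))
            findings.append(finding)
    return findings

# Constructed sample log: two ordinary requests and one injection attempt.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jan/2009:10:14:02 +0000] "GET /login.php HTTP/1.1" 200 1843',
    '192.0.2.10 - - [20/Jan/2009:10:14:09 +0000] "GET /login.php?rbtool=rbtool HTTP/1.1" 200 1843',
    '198.51.100.7 - - [20/Jan/2009:10:15:31 +0000] "GET /login.php?rbtool=rbtool%3Bls HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"ALERT {f['time']} {f['src']} {f['method']} {f['path']} rbtool={f['rbtool']!r}")
```

A hit from a host that should not be administering backups, or a 200 response to such a request, is the signal worth escalating; unpatched 10.1.0.3 hosts should be treated as compromised until checked.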

Resolution

Apply the patch referenced in the Oracle Critical Patch Update Advisory - January 2009.

References

<http://www.zerodayinitiative.com/advisories/ZDI-09-003/>

Limitations

Exploit works on Oracle Secure Backup 10.1.0.3.

The IO-Socket-SSL Perl module is required for this exploit to run. This module is available from <http://www.cpan.org/modules/by-module/IO/>.

When the target is Windows, this exploit must be able to bind to port 69/UDP in order to succeed.

When the target is Linux, the target must have the “nc” utility in order for the exploit to succeed.

Platforms

Windows
Linux
