SAINT Corporation, SAINT:A6224950024E6A85A495328F334C9010
Jan 28, 2009 - 12:00 a.m.

Oracle Secure Backup NDMP_CONNECT_CLIENT_AUTH buffer overflow

www.saintcorporation.com

EPSS: 0.932 (High), percentile 98.8%

Added: 01/28/2009
CVE: CVE-2008-5444
BID: 33177
OSVDB: 51340

Background

Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.

Problem

A buffer overflow vulnerability in Oracle Secure Backup's handling of the NDMP protocol allows remote attackers to execute arbitrary commands by sending a long, specially crafted Username value in an **NDMP_CONNECT_CLIENT_AUTH** request.

Resolution

Apply the January 2009 Oracle Critical Patch Update.

References

<http://archives.neohapsis.com/archives/bugtraq/2009-01/0143.html>

Limitations

Exploit works on Oracle Secure Backup 10.1.0.3.

Platforms

Windows 2000
Linux
