Oracle Secure Backup Administration property_box.php objectname command injection

2010-09-30T00:00:00
ID SAINT:A6C0ACD6C5E5C26544E3AC2D0533D9B1
Type saint
Reporter SAINT Corporation
Modified 2010-09-30T00:00:00

Description

Added: 09/30/2010
CVE: CVE-2010-0906
BID: 41597
OSVDB: 66340

Background

Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.

Problem

A vulnerability in the property_box.php script allows remote attackers to inject arbitrary commands via the objectname parameter.

Resolution

Apply the patch referenced in the Oracle Critical Patch Update - July 2010.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-120/>

Limitations

Exploit works on Oracle Secure Backup 10.3.0.1.0 and requires a valid login and password for Oracle Secure Backup Administration Server.

The target must have read access to the specified SMB share.

The login and password of an account with write access to the specified SMB share must be provided.

The target server must be configured to listen on the HTTP port.

Platforms

Windows