Oracle Secure Backup login.php ora_osb_lcookie command execution

2009-06-22T00:00:00
ID SAINT:C7A735D9D52436ABF1F66C7BB5CEA2AA
Type saint
Reporter SAINT Corporation
Modified 2009-06-22T00:00:00

Description

Added: 06/22/2009
CVE: CVE-2008-4006
BID: 33177
OSVDB: 51343

Background

Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.

Problem

A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary commands specified in the **ora_osb_lcookie** parameter in an HTTP request for **login.php**.

Resolution

Apply the patch referenced in the Oracle Critical Patch Update for January 2009.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=768>

Limitations

Exploit works on Oracle Secure Backup 10.1.0.3.

When exploiting Windows targets, SAINTexploit must be able to bind to port 69/UDP.

When exploiting Linux targets, the "nc" utility must be installed on the target platform.

The IO-Socket-SSL PERL module is required for this exploit to run. This module is available from <http://www.cpan.org/modules/by-module/IO/>.

Platforms

Windows
Linux