Oracle Secure Backup login.php ora_osb_lcookie command execution

SAINT Corporation, June 22, 2009
Source: download.saintcorporation.com
SAINT ID: SAINT:D73F9992DBB4BE9C1C6EA2D7F21242C3

Severity: 10 High (CVSS2)

CVSS2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.018 (Low), percentile 88.3%

Added: 06/22/2009
CVE: CVE-2008-4006
BID: 33177
OSVDB: 51343

Background

Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.

Problem

A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary commands specified in the **ora_osb_lcookie** parameter in an HTTP request for **login.php**.
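The indicator this entry gives a defender is a request for login.php that carries the ora_osb_lcookie parameter at all. The following is an added example, not part of the SAINT entry or of Oracle's software: a small Python log scanner that parses combined-format web access log lines (constructed sample lines, not real traffic) and flags requests whose path ends in /login.php and whose query string names ora_osb_lcookie, case-insensitively and after percent-decoding. The log format, the sample addresses and the helper names are assumptions for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines in Apache/nginx "combined" format.
# Addresses are from the documentation range 192.0.2.0/24; none of this is real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [22/Jun/2009:10:01:02 +0000] "GET /login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
192.0.2.11 - - [22/Jun/2009:10:01:05 +0000] "GET /login.php?ora_osb_lcookie=x HTTP/1.1" 200 1532 "-" "curl/7.19"
192.0.2.12 - - [22/Jun/2009:10:01:09 +0000] "GET /osb/login.php?a=1&ORA_OSB_LCOOKIE=%41%42 HTTP/1.1" 200 10 "-" "Mozilla/5.0"
192.0.2.13 - - [22/Jun/2009:10:01:11 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.14 - - [22/Jun/2009:10:01:12 +0000] "GET /index.php?ora_osb_lcookie=x HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Parameter named in the SAINT entry (assumed spelling as given there).
SUSPECT_PARAM = "ora_osb_lcookie"


def is_osb_lcookie_request(method, target):
    """Return True when the request targets login.php and its query string
    carries the ora_osb_lcookie parameter (any value, any letter case).

    Only the query string is inspected: a combined-format access log does not
    record POST bodies or Cookie headers, so a parameter sent that way is
    invisible here (see the note below the example)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/login.php"):
        return False
    # parse_qs percent-decodes keys; unquote again to be tolerant of double encoding.
    params = parse_qs(parts.query, keep_blank_values=True)
    return any(unquote(k).lower() == SUSPECT_PARAM for k in params)


def scan_log(text):
    """Scan log text line by line and return (ip, method, target, status)
    for every request that matches the indicator."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if is_osb_lcookie_request(m["method"], m["target"]):
            hits.append((m["ip"], m["method"], m["target"], m["status"]))
    return hits


if __name__ == "__main__":
    for ip, method, target, status in scan_log(SAMPLE_LOG):
        print(f"suspect request from {ip}: {method} {target} -> {status}")
```

Run against the sample, the scanner reports the two GET requests that carry the parameter and ignores the plain login page load, the request to a different script, and the POST. That last case is the limitation to keep in mind: a parameter submitted in a form body or as a Cookie header leaves no trace in a default access log, so this check should sit alongside inspection at a reverse proxy or WAF, where the full request is visible, and alongside the patch the Resolution section names.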

Resolution

Apply the patch referenced in the Oracle Critical Patch Update for January 2009.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=768>

Limitations

Exploit works on Oracle Secure Backup 10.1.0.3.

When exploiting Windows targets, SAINTexploit must be able to bind to port 69/UDP.

When exploiting Linux targets, the “nc” utility must be installed on the target platform.

The IO::Socket::SSL Perl module (distributed as IO-Socket-SSL) is required for this exploit to run. It is available from <http://www.cpan.org/modules/by-module/IO/>.

Platforms

Windows
Linux
