Oracle Enterprise Manager Agent buffer overflow

2005-11-30T00:00:00
ID SAINT:FB894047566EA31803C2E4A05302CAF5
Type saint
Reporter SAINT Corporation
Modified 2005-11-30T00:00:00

Description

Added: 11/30/2005
CVE: CVE-2005-3460
BID: 15146
OSVDB: 20664

Background

Oracle Application Server 10g includes the **emagent.exe** program which listens for connections on port 1830/TCP by default.

Problem

A buffer overflow vulnerability in **emagent.exe** could allow a remote attacker to execute arbitrary commands.

Resolution

See the October 2005 Oracle Critical Patch Update.

References

<http://www.securityfocus.com/archive/1/413957>

Platforms

Windows 2000
Windows XP
Windows Server 2003