exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Oracle Secure Backup Denial Of Service

Oracle Secure Backup Denial Of Service
Posted Jan 16, 2009
Authored by Zhenhua Liu, XiaoPeng Zhang | Site fortinet.com

Fortinet has discovered multiple denial of service vulnerabilities in Oracle Secure Backup version through the use of malformed NDMP packets.

tags | advisory, denial of service, vulnerability
advisories | CVE-2008-5441, CVE-2008-5442, CVE-2008-5443
SHA-256 | aa6e6263e9c776801cfdf0857f19de4023f1cc61d76558209700822d2d84294f

Oracle Secure Backup Denial Of Service

Change Mirror Download
Oracle Secure Backup Multiple Denial Of Service vulnerabilities

Fortinet's FortiGuard Global Security Research Team Discovers multiple vulnerabilities in Oracle Secure Backup


Multiple Denial Of Service vulnerabilities exist Oracle Secure Backup through malformed NDMP packets.


Remote Denial Of Service


Medium (Base Score:5.0)

Affected Software:

Oracle Secure Backup

Additional Information:

1>[CVE-2008-5441]Sending a malformed NDMP connect open(NDMP_CONNECT_OPEN command) packet will cause a crash.
2>[CVE-2008-5442]Sending a malformed NDMP connect close(NDMP_CONNECT_CLOSE command) packet will cause a crash.
3>[CVE-2008-5443]Sending a malformed NDMP mover get state(NDMP_MOVER_GET_STATE command) packet will cause a crash.


Use the solution provided by Oracle http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

Fortinet customers who subscribe to Fortinet¡¯s intrusion prevention (IPS) service should be protected against these Remote Denial Of
Service vulnerabilities. Fortinet¡¯s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.


Zhenhualiu and XiaopengZhang of Fortinet's FortiGuard Global Security Research Team



CVE ID: CVE-2008-5441
CVE ID: CVE-2008-5442
CVE ID: CVE-2008-5443

*** This email and any attachments thereto may contain private, confidential, and privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto. ***
Login or Register to add favorites

File Archive:

May 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    16 Files
  • 3
    May 3rd
    38 Files
  • 4
    May 4th
    15 Files
  • 5
    May 5th
    35 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    8 Files
  • 9
    May 9th
    65 Files
  • 10
    May 10th
    19 Files
  • 11
    May 11th
    27 Files
  • 12
    May 12th
    8 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    1 Files
  • 15
    May 15th
    19 Files
  • 16
    May 16th
    66 Files
  • 17
    May 17th
    28 Files
  • 18
    May 18th
    32 Files
  • 19
    May 19th
    13 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    23 Files
  • 23
    May 23rd
    15 Files
  • 24
    May 24th
    49 Files
  • 25
    May 25th
    20 Files
  • 26
    May 26th
    13 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    11 Files
  • 30
    May 30th
    46 Files
  • 31
    May 31st
    15 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By