exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

OracleRemExecService Command Execution

OracleRemExecService Command Execution
Posted Jan 21, 2011
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - It is possible to execute arbitrary operating system commands as localsystem when certain maintenance tasks are executed. For instance, when Database Configuration Assistant is invoked or Oracle Universal Installer is used to modify features. These tools use a Windows service to execute various commands: the service itself relies on a named pipe to receive the commands. The pipe handling is not secure enough resulting in the vulnerability.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2010-4423
SHA-256 | 917ec70d2616d1daa738ea18642a5db3ecb8441d150203729a61d9b856e59d94

OracleRemExecService Command Execution

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

January 20, 2011

Risk Level:
Medium

Affected versions:
Oracle Database Server version 10gR2, 11gR1 and 11gR2

Remote exploitable:
No

Credits:
This vulnerability was discovered and researched by Martin Rakhmanov of Application Security Inc.

Details:
It is possible to execute arbitrary operating system commands as localsystem when certain maintenance tasks are executed.
For instance, when Database Configuration Assistant is invoked or Oracle Universal Installer is used to modify features.
These tools use a Windows service to execute various commands: the service itself relies on a named pipe to receive the
commands. The pipe handling is not secure enough resulting in the vulnerability.

Impact:
It is possible for a local user to execute code as localsystem.

Vendor Status:
Vendor was contacted and a patch was released.

Workaround:
There is no workaround for this vulnerability. This vulnerability affects Windows platforms only.

Fix:
Apply Oracle Critical Patch Update January 2011 available at Oracle Metalink.

CVE:
CVE-2010-4423

Links:
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.teamshatter.com/topics/security-advisory/advisory-oracleremexecservice-command-excution-via-named-pipe-vulnerability-windows-only

Timeline:
Vendor Notification - 8/10/2010
Vendor Response - 8/11/2010
Fix - 1/18/2011
Public Disclosure - 1/20/2011

Application Security, Inc's database security solutions have helped over 2000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)

iEYEARECAAYFAk057N4ACgkQRx91imnNIgET7wCfR0kQdOtyTjpfp+icroFAH5h7
GLwAnRG9s7PPAVahWZ1V4Hk01y3I9Jt/
=iOrb
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close