Oracle Secure Backup Administration Server suffers from authentication bypass and command injection vulnerabilities.
8bbf1a7668ebf7f94b2ec20073f80c9f8f048f84184c40ab8880774b4df54dd6Secunia Security Advisory - Oracle has acknowledged two vulnerabilities in Oracle Secure Backup, which can be exploited by malicious people to cause a DoS (Denial of Service).
bce8679ddc9a4f688adca7c6930dd9d306957ee6a3a0e9233c1ee663850e1bddThis Metasploit module exploits an authentication bypass vulnerability in login.php. In conjunction with the authentication bypass issue, the 'jlist' parameter in property_box.php can be used to execute arbitrary system commands. This Metasploit module was tested against Oracle Secure Backup version 10.3.0.1.0
a6b9f81b959d5734b4b0566c794ef98effe3e6416939923022fc0bcd168099f4Secunia Security Advisory - Some vulnerabilities have been reported in Oracle Secure Backup, which can be exploited by malicious people to conduct cross-site scripting attacks, cross-site request forgery attacks, and compromise a vulnerable system.
04caf0f1ac4c12a575d72064dea523d84cf6ad3d5b4eab77409654ada714695fZero Day Initiative Advisory 11-238 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validate_login function defined within /apache/htdocts/php/common.php. The username parameter is passed with limited sanitization to an exec_qr call which can be abused to inject commands. The sanitation that does occur can limit the exploitation of this issue, however code execution can likely still be achieved. Successful attempts will yield remote code execution under the context of the apache server.
8abe40785b4a1142c75a2394d5b25258bae169d31e77a2db6b90b719ce3703cfTechnical Cyber Security Alert 2011-201A - Oracle Database, Oracle Secure Backup, Oracle Fusion Middleware, and various other Oracle products suffer from vulnerabilities including remote execution of arbitrary code, information disclosure, and denial of service.
7c1bd1e3b5f0d9d514eee9dfcd1fbedbbcc91a1a8fc792a16611e4b45ca60fd3Secunia Security Advisory - A vulnerability has been reported in Oracle Secure Backup, which can be exploited by malicious people to manipulate certain data.
04567c53528aa43625fb1939271f7eef3214a8360224626b1c4834ea8197d96eSecunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Secure Backup, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to bypass certain security restrictions or to compromise a vulnerable system.
d0532743d334c61af2044a918bcc9aaaf02c70a28b8d3b99d02b05cdb37bb141Zero Day Initiative Advisory 10-124 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameters to the internal obtool binary running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service.
f3eb8b93e738858b3c6e2a5e1d54e8b3d36f41f83639ca0370ec81c55f379812This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of commands sent to the obscheduled.exe service listening by default on TCP port 1026, or 1027. Due to a lack of bounds checking on a specific command sequence the program stack can be overwritten with user controlled data. Successful exploitation can lead to remote system compromise under the SYSTEM credentials.
b97beb4e58e46d6a4719bd8417540a0d0f63bac1d2dbac31e1272e615cc3a6b5Zero Day Initiative Advisory 10-123 - This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. The specific flaw exists within the register globals emulation layer which allows attackers to specify values for arbitrary program variables. When specific parameters are specified via the URI it is possible for an attacker to bypass the authentication mechanism and reach functionality otherwise inaccessible without proper credentials. This can be leveraged by remote attackers to trigger what were post-auth vulnerabilities without valid credentials.
1b6cb7c2d8ebbfb8aa18f8b3517e80976924e54abe93a72aade5cc60697221deZero Day Initiative Advisory 10-122 - This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'preauth' variable to the script index.php used in the administration server running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service.
93a62185ef8d18e9a29cfd9b57696ef14f36acaa2101b02cf3b5a2fb86c0cff8Zero Day Initiative Advisory 10-121 - This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'selector[0]' variable to the script index.php used in the administration server running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service.
48b582d620ae4d20b1dc5efd5459042a2efe4806e63f5df7d7a53cd406c9eb73Zero Day Initiative Advisory 10-120 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. Successful exploitation of this can lead to remote compromise under the credentials of the web server.
61f830c320fdec0772ce945d9ce3be52e3fec38c4da37fd3e68022a304d2bf32Zero Day Initiative Advisory 10-119 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. Successful exploitation of this can lead to remote compromise under the credentials of the web server.
97fed0676d2071c69c2c9f377c677e4efb75bb0ed4ea9ead9a0d07709bd5bbcbZero Day Initiative Advisory 10-118 - This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of user input to the uname variable of the login.php script running on the administration page of Oracle Secure Backup. Do to the lack of proper shell metacharacter filtering it is possible to bypass the login check. Successful exploitation of this vulnerability allows the attacker to access sensitive information running on the administration server without proper credentials.
a84daf45f55774169b51adedbd1ae06c4420baede8def2a3b970b7bb38d2066aSecunia Security Advisory - A vulnerability has been reported in Oracle Secure Backup, which can be exploited by malicious people to compromise a vulnerable system.
4380ddf8eff44e99b02c41efb47fd37e015de9b8cc2d180236ab17d8994f3645Zero Day Initiative Advisory 10-02 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Oracle Secure Backup Services daemon observiced.exe listening on TCP port 10000 by default. Due to the lack of bounds checking on the reverse lookup of connections to the port a stack overflow can occur leading to a complete compromise of the affected system under the credentials of the SYSTEM account.
eaab05ade537567d886353e24666c9cfbc4f2f7641f54907b4f4d494d750b97cThe module exploits a stack overflow in Oracle Secure Backup. When sending a specially crafted NDMP_CONNECT_CLIENT_AUTH packet, an attacker may be able to execute arbitrary code.
4e471a2a12f2256e9d20d468c87ba87b92c76a30bc71dc7a3f20d7dafcb36d12Fortinet has discovered a buffer overflow vulnerability in Oracle Secure Backup version 10.2.0.2 through the use of a malformed NDMP packet.
f461073432a52de146dd8e73f0eb93223fafe750c8674ad039cbc777d157927eFortinet has discovered multiple denial of service vulnerabilities in Oracle Secure Backup version 10.2.0.2 through the use of malformed packets on observiced.exe.
df7b3b69f5b30d45e5be2b32d6e2898ca8bf5ab08eb3414c476814f37f005a70Fortinet has discovered multiple denial of service vulnerabilities in Oracle Secure Backup version 10.2.0.2 through the use of malformed NDMP packets.
aa6e6263e9c776801cfdf0857f19de4023f1cc61d76558209700822d2d84294fZero Day Initiative Advisory 09-003 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine exec_qr() defined in the web script login.php. The user-supplied variable $rbtool is improperly sanitized and later passed through a call to popen(), this can result in remote pre-authentication command injection.
d4cd07bc743ecebda2d3c06bd6512358d54e624bcb8559f431c37c5b49682626The Oracle January 2009 Critical Patch Update fixes a vulnerability which allows a remote pre-authenticated attacker to execute arbitrary code in the context of the user running the web server of Oracle Secure Backup.In Windows environments, the vulnerability allows execution of arbitrary code as SYSTEM. In Unix and GNU/Linux environments, however, just as a normal user(oracle usually). Proof of concept code included.
0be6210659dc840c141aa2f7bab508fdbe7b79872fd8e733b4a438459e93b4c6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed