Lucene search

SAINT CorporationSAINT:B47D47694D7EC31ED49AE45F84EDEF8B

HistoryJan 28, 2009 - 12:00 a.m.

Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH buffer overflow

2009-01-2800:00:00

SAINT Corporation

download.saintcorporation.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.937

Percentile

99.2%

JSON

Added: 01/28/2009
CVE: CVE-2008-5444
BID: 33177
OSVDB: 51340

Background

Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.

Problem

A buffer overflow vulnerability in Oracle Secure Backup when handling the NDMP protocol allows remote attackers to execute arbitrary commands by sending a long, specially crafted Username value in an **NDMP_CONECT_CLIENT_AUTH** request.

Resolution

Apply the January 2009 Oracle Critical Patch Update.

References

<http://archives.neohapsis.com/archives/bugtraq/2009-01/0143.html>

Limitations

Exploit works on Oracle Secure Backup 10.1.0.3.

Platforms

Windows 2000
Linux

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.937

Percentile

99.2%

JSON

Related for SAINT:B47D47694D7EC31ED49AE45F84EDEF8B