Oracle Secure Backup login.php ora_osb_lcookie command execution

Added: 06/22/2009
CVE: CVE-2008-4006
BID: 33177
OSVDB: 51343

Background

Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.

Problem

A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary commands specified in the ora_osb_lcookie parameter in an HTTP request for login.php.

Resolution

Apply the patch referenced in the Oracle Critical Patch Update for January 2009.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=768

Limitations

Exploit works on Oracle Secure Backup 10.1.0.3.

When exploiting Windows targets, SAINTexploit must be able to bind to port 69/UDP.

When exploiting Linux targets, the "nc" utility must be installed on the target platform.

The IO-Socket-SSL PERL module is required for this exploit to run. This module is available from http://www.cpan.org/modules/by-module/IO/.

Platforms

Windows
Linux

Back to exploit index