Oracle Secure Backup
Oracle Secure Backup NDMP_CONNECT_CLIENT_AUTH Command Buffer Overflow Vulnerability
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Oracle Secure Backup
Summary:
========
A Buffer Overflow vulnerability exists in Oracle Secure Backup 10.2.0.2 through a malformed NDMP packet.
Oracle Secure Backup's observiced.exe Denial Of Service vulnerability
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers a vulnerability in observiced.exe of Oracle Secure Backup
Summary:
========
A Denial Of Service vulnerability exists in Oracle Secure Backup 10.2.0.2 observiced.exe through a malformed packet.
ZDI-09-003: Oracle Secure Backup exec_qr() Command Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-003
January 14, 2009
-- Affected Vendors:
Oracle
-- Affected Products:
Oracle Secure Backup
ZDI-10-120: Oracle Secure Backup Administration objectname Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-120
July 13, 2010
-- CVSS:
9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)
-- Affected Vendors:
Oracle
ZDI-10-002: Oracle Secure Backup observiced.exe Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-002
January 12, 2010
-- CVE ID:
CVE-2010-0072
-- Affected Vendors:
Oracle
ZDI-10-119: Oracle Secure Backup Administration $other Variable Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-119
July 13, 2010
-- CVSS:
9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)
-- Affected Vendors:
Oracle
ZDI-10-118: Oracle Secure Backup Administration uname Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-118
July 13, 2010
-- CVSS:
9.7, (AV:N/AC:L/Au:N/C:C/I:C/A:P)
-- Affected Vendors:
Oracle
ZDI-11-238: Oracle Secure Backup validate_login Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-238
July 21, 2011
-- CVE ID:
CVE-2011-2261
-- CVSS:
Oracle Secure Backup Multiple Denial Of Service vulnerabilities
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers multiple vulnerabilities in Oracle Secure Backup
Summary:
========
Multiple Denial Of Service vulnerabilities exist in Oracle Secure Backup 10.2.0.2 through malformed NDMP packets.
-- Affected Vendors:
Oracle
-- Affected Products:
Oracle Secure Backup
-- Vulnerability Details:
This vulnerability allows remote attackers to inject arbitrary commands
on vulnerable installations of Oracle Secure Backup. Authentication is
required to exploit this vulnerability but may be bypassed.
ZDI-10-122: Oracle Secure Backup Administration Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-122
July 13, 2010
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Oracle
ZDI-09-058: Oracle Secure Backup Administration Server Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-058
-- CVE ID:
CVE-2009-1977
-- Affected Vendors:
Oracle
ZDI-09-059: Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-09-059
-- CVE ID:
CVE-2009-1978
-- Affected Vendors:
Oracle
ZDI-10-123: Oracle Secure Backup Administration Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-123
July 13, 2010
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Oracle
TPTI-10-04: Oracle Secure Backup Scheduler Service Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-04
-- CVE ID:
CVE-2010-0898
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
ZDI-10-124: Oracle Secure Backup Web Interface Various Post-Auth Command Injection Remote Code Execution Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-10-124
July 13, 2010
-- CVSS:
9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)
-- Affected Vendors:
Oracle
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 13, 2009
I. BACKGROUND
Oracle Secure Backup is a network backup system for Oracle Databases.
For more information, see:
http://www.oracle.com/database/secure-backup.html
II. DESCRIPTION
Is the affected product Secure Backup accidentally missing from the subject line and the advisory title,
i.e. the correct title is Oracle Secure Backup Administration selector Command Injection Remote Code Execution Vulnerability?
Juha-Matti
ZDI Disclosures [zdi-disclosures@tippingpoint.com] wrote:
> ZDI-10-121: Command Injection Remote Code Execution Vulnerability
> http://www.zerodayinitiative.com/advisories/ZDI-10-121
> July 13, 2010
>