SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   Oracle Secure Backup Vendors:   Oracle
Oracle Secure Backup Lets Remote Users Gain Full Control of the Target System
SecurityTracker Alert ID:  1024193
SecurityTracker URL:  http://securitytracker.com/id/1024193
CVE Reference:   CVE-2010-0898, CVE-2010-0899, CVE-2010-0904, CVE-2010-0906, CVE-2010-0907   (Links to External Site)
Date:  Jul 13 2010
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.3.0.1
Description:   Several vulnerabilities were reported in Oracle Secure Backup. A remote user can gain full control of the target system.

A remote user can send specially crafted data via TCP or HTTP to exploit unspecified flaws and gain full control of the target system.

For two of the vulnerabilities, authentication is required. For the remaining three vulnerabilities, authentication is not required.

The following researchers reported these and other Oracle vulnerabilities:

Maksymilian Arciemowicz of SecurityReason; Okan Basegmez of DORASEC Consulting; Check Point Software; Esteban Martinez Fayo of Application Security, Inc.; Stephen Fewer of iDefense; Roy Fox of Sentrigo; Tobias Klein; Ofer Maor of Hacktics; MarkoT of Corelan Team; Slavik Markovich of Sentrigo; Andrea Micalizzi of TippingPoint's Zero Day Initiative; Monarch2020 of unsecurityresearch; Timothy D. Morgan of Virtual Security Research; Martin O'Neal of Corsaire Limited; Petko Petkov of Corsaire Limited; Cody Pierce of TippingPoint DVLabs; Andrea Purificato; an Anonymous Reporter of TippingPoint's Zero Day Initiative; John S.; Piotr Samborski of Wyzsza Szkola Informatyki; Sumit Siddharth; Frank Stuart; Laszlo Toth; Janek Vind of iDefense; and Dennis Yurichev of Sentrigo.
Impact:   A remote user can gain full control of the target system.
Solution:   The vendor has issued a fix, described in their July 2010 Critical Patch Update advisory.

The Oracle advisory is available at:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html
Vendor URL:  www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html (Links to External Site)
Cause:   Not specified
Underlying OS:   Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.

 Source Message Contents
Date:  Tue, 13 Jul 2010 20:54:31 +0000
Subject:  Oracle Secure Backup


CVE-2010-0898
CVE-2010-0899
CVE-2010-0904
CVE-2010-0906
CVE-2010-0907


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC