Oracle Secure Backup login.php rbtool command injection
Added: 01/20/2009
CVE: CVE-2008-5448
BID: 33177
OSVDB: 51342
Background
Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.
Problem
A command injection vulnerability in the Oracle Secure Backup web interface allows a remote attacker to execute arbitrary commands specified in the rbtool parameter in an HTTP request for the login.php script.
Resolution
Apply the patch referenced in the Oracle Critical Patch Update Advisory - January 2009.
References
http://www.zerodayinitiative.com/advisories/ZDI-09-003/
Limitations
Exploit works on Oracle Secure Backup 10.1.0.3.
The IO-Socket-SSL PERL module is required for this exploit to run. This module is available from http://www.cpan.org/modules/by-module/IO/.
When the target is Windows, this exploit must be able to bind to port 69/UDP in order to succeed.
When the target is Linux, the target must have the "nc" utility in order for the exploit to succeed.
Platforms
Windows
Linux
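
Detection example
The following is an added example, not part of the original advisory or of any Oracle or vendor code: a log check that flags requests for login.php whose rbtool parameter carries shell metacharacters. It assumes the parameter appears in the query string of a Combined Log Format request line (a parameter sent in a request body or cookie would need proxy or WAF logs instead), and the metacharacter set and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Characters a shell treats as separators, pipes, substitution or redirection.
# Assumed indicator set: the advisory does not describe the injected syntax.
SHELL_META = re.compile(r"[;&|`$<>\n\r]")

# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def rbtool_values(target):
    """Return decoded rbtool values from a request target for login.php."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/login.php"):
        return []
    values = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "rbtool":
            # parse_qsl decoded once; decode again to catch double encoding.
            values.append(unquote(value))
    return values

def suspicious_lines(log_lines):
    """Return (line_number, value) for rbtool values with shell metacharacters."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        for value in rbtool_values(match.group("target")):
            if SHELL_META.search(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jan/2009:10:00:01 +0000] "GET /login.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [20/Jan/2009:10:00:02 +0000] "GET /login.php?rbtool=backup HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Jan/2009:10:00:03 +0000] "GET /login.php?rbtool=x%3By HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Jan/2009:10:00:04 +0000] "GET /login.php?rbtool=x%257Cy HTTP/1.1" 200 512',
    '203.0.113.5 - - [20/Jan/2009:10:00:05 +0000] "GET /index.php?rbtool=x%3By HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, value in suspicious_lines(SAMPLE_LOG):
        print(f"line {number}: rbtool={value!r}")
```

A hit is a reason to check whether the host has the January 2009 Critical Patch Update applied; it does not by itself show that a command ran.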