Oracle Secure Backup login.php rbtool command injection

Added: 01/20/2009
CVE: CVE-2008-5448
BID: 33177
OSVDB: 51342

Background

Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.

Problem

A command injection vulnerability in the Oracle Secure Backup web interface allows a remote attacker to execute arbitrary commands specified in the rbtool parameter in an HTTP request for the login.php script.

Resolution

Apply the patch referenced in the Oracle Critical Patch Update Advisory - January 2009.

References

http://www.zerodayinitiative.com/advisories/ZDI-09-003/

Limitations

Exploit works on Oracle Secure Backup 10.1.0.3.

The IO-Socket-SSL PERL module is required for this exploit to run. This module is available from http://www.cpan.org/modules/by-module/IO/.

When the target is Windows, this exploit must be able to bind to port 69/UDP in order to succeed.

When the target is Linux, the target must have the "nc" utility in order for the exploit to succeed.

Platforms

Windows
Linux

Back to exploit index