Oracle Secure Backup Flaws Let Remote Users Gain Full Control of the Target System - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Oracle Secure Backup

Vendors: Oracle

Oracle Secure Backup Flaws Let Remote Users Gain Full Control of the Target System

SecurityTracker Alert ID: 1025796

SecurityTracker URL: http://securitytracker.com/id/1025796

CVE Reference: CVE-2011-2251, CVE-2011-2252, CVE-2011-2261 (Links to External Site)

Date: Jul 19 2011

Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 10.3.0.3

Description: Several vulnerabilities were reported in Oracle Secure Backup. A remote user can gain full control of the target system.

A remote user can send specially crafted data via HTTP to gain full control of the target system on Windows-based systems [CVE-2011-2261]. On Linux, UNIX, and other platforms, the remote user can partially access and modify data and cause partial denial of service conditions.

A remote user can send specially crafted data via HTTP to partially access and modify data and cause partial denial of service conditions [CVE-2011-2251, CVE-2011-2252].

The following researchers reported these and other Oracle vulnerabilities:

Abdul-Aziz Hariri, reported through Secunia; Alexander Kornbrust of Red Database Security; Alexandr Polyakov of Digital Security; Brett Gervasoni of Sense of Security; CERT/CC; Dennis Yurichev; Esteban Martinez Fayo of Application Security, Inc.; Guy Pilosof of McAfee Security Research; Laszlo Toth; Michael Myngerbayev of McAfee Security Research; Monarch2020 of unsecurityresearch; Ofer Maor of Hacktics; Okan Basegmez of DORASEC Consulting; Paul M. Wright formerly of NGS Software; Scott Laurie of MWR InfoSecurity; Sow Ching Shiong, reported through Secunia; Steven Seeley of Corelan Team; Sumit Siddharth from 7safe; Tenable Network Security of TippingPoint's Zero Day Initiative; and Will Dormann of CERT/CC.

Impact: A remote user can gain full control of the target system.

A remote user can partially access and modify data and cause partial denial of service conditions

Solution: The vendor has issued a fix, described in their July 2011 Critical Patch Update advisory.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html

Vendor URL: www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html (Links to External Site)

Cause: Not specified

Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)

Message History: None.

Source Message Contents

Date: Tue, 19 Jul 2011 21:02:01 +0000
Subject: Oracle Secure Backup


CVE-2011-2251
CVE-2011-2252
CVE-2011-2261

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC