Vulnerabilities > CVE-2009-1978 - Arbitrary Command Execution vulnerability in Oracle Secure Backup 10.2.0.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows remote authenticated users to execute arbitrary code with SYSTEM privileges via vectors involving property_box.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
D2sec
| name | Oracle Secure Backup 10.3.0.1 RCE |
| url | http://www.d2sec.com/exploits/oracle_secure_backup_10.3.0.1_rce.html |
Metasploit
| description | This module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in property_box.php. This module was tested against Oracle Secure Backup version 10.3.0.1.0 (Win32). |
| id | MSF:AUXILIARY/ADMIN/ORACLE/OSB_EXECQR2 |
| last seen | 2019-12-13 |
| modified | 2017-07-24 |
| published | 2009-09-16 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/oracle/osb_execqr2.rb |
| title | Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/81262/osbs-bypass.txt |
| id | PACKETSTORM:81262 |
| last seen | 2016-12-05 |
| published | 2009-09-15 |
| reporter | Luca Carettoni |
| source | https://packetstormsecurity.com/files/81262/Oracle-Secure-Backup-Server-Bypass-Command-Injection.html |
| title | Oracle Secure Backup Server Bypass / Command Injection |
Saint
| bid | 35678 |
| description | Oracle Secure Backup property_box.php type parameter command execution |
| id | database_oracle_backupver |
| osvdb | 55904 |
| title | oracle_secure_backup_property_box_type |
| type | remote |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:12329 |
| last seen | 2017-11-19 |
| modified | 2009-09-16 |
| published | 2009-09-16 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-12329 |
| title | Oracle Secure Backup Server 10.3.0.1.0 Auth Bypass/RCI Exploit |
References
- http://osvdb.org/55904
- http://secunia.com/advisories/35776
- http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
- http://www.securityfocus.com/bid/35678
- http://www.securitytracker.com/id?1022565
- http://www.vupen.com/english/advisories/2009/1900
- http://www.zerodayinitiative.com/advisories/ZDI-09-059/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51762