Vulnerabilities > CVE-2013-3762 - Remote Security vulnerability in Oracle products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
oracle
nessus

Summary

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2, 12.1.0.3, and 12.1.0.4 allows remote attackers to affect integrity via unknown vectors related to Schema Management.

Nessus

NASL familyMisc.
NASL idORACLE_DB_MGMT_PLUGIN_OCT2013_CPU_NIX.NASL
descriptionThe Oracle Database Management Plug-In installed on the remote host is missing the October 2013 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the Enterprise Manager Base Platform component : - An unspecified flaw exists in the Schema Management subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2013-3762) - An unspecified flaw exists in the DB Performance Advisories/UIs subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2013-5766) - Multiple unspecified flaws exist in the Storage Management subcomponent that allow an unauthenticated, remote attacker to impact integrity. (CVE-2013-5827, CVE-2013-5828)
last seen2020-06-01
modified2020-06-02
plugin id70546
published2013-10-22
reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/70546
titleOracle Database Management Plug-In Unix (October 2013 CPU) (credentialed check)
code
#TRUSTED 0cb871540e62fc487a1f4bc6990480ef6d159bd96ae349063f770d60213b49cee161a33f8f1ee1693a9b7b60a6aa4e6e967cdc0468fb2523793825877d0ff8da9fa7e6238aca050099772d39ead9263a8f89e59e526ef2c58e3e6d847d09a82c16617b142154a5a774f0b9fba8da18253727f5102ea33ca40dcf88fc03fbc3e3461ab3fdd9f7ad90f226ba0ece9e4b368b6f6feb30d66edd74ff33a6cae46131aa115af3f92943a4e7a1620592b071d563a4d7f8936eadc97423c9cd75170b65adf1c1375a89b42215f247e8e731115cb4ee195cd39984270c7b0c06f0dff479ce1e152d8253a932bc28842fd7302ac6fd82729348d0a0567872b5cc02e7b4f78b6adf8aa06a792bae21cf55d4711d8a7fd03116acf8bf703551099e1b5ed8df64c92b82103fd1d76d2ae7b821f799048a5c5f932455cc12b5b620ea3245224c0004a3dfbaccf2b9b7b146b013a23eef65e63ff03a62cd954a1e5e363dbbc031b0782c7b6bbb889b5ccdd135e78d1180b6a617784b2500d3d946378a9dc58f34cee9e86cd384b023ec89ada8917e3823987c8fac4d880eef505c46fe43825852698e6b723138e5c06c977a940334e0ade4717240ba6f4668db4f18e2496544237f21820230145cbf80d8512f0c365842b2a8c58a832b87a90d7516fb7d5a4738efeedd4229100e096d6ee6a342f436f09e3d6868c4efd39cb6b61761d526a967
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(70546);
  script_version("1.10");
  script_cvs_date("Date: 2019/11/27");

  script_cve_id(
    "CVE-2013-3762",
    "CVE-2013-5766",
    "CVE-2013-5827",
    "CVE-2013-5828"
  );
  script_bugtraq_id(
    63056,
    63064,
    63068,
    63071
  );

  script_name(english:"Oracle Database Management Plug-In Unix (October 2013 CPU) (credentialed check)");
  script_summary(english:"Checks for patch ID.");

  script_set_attribute(attribute:"synopsis", value:
"A database management application installed on the remote host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The Oracle Database Management Plug-In installed on the remote host is
missing the October 2013 Critical Patch Update (CPU). It is,
therefore, affected by multiple vulnerabilities in the Enterprise
Manager Base Platform component :

  - An unspecified flaw exists in the Schema Management
    subcomponent that allows an unauthenticated, remote
    attacker to impact integrity. (CVE-2013-3762)

  - An unspecified flaw exists in the DB Performance
    Advisories/UIs subcomponent that allows an
    unauthenticated, remote attacker to impact integrity.
    (CVE-2013-5766)

  - Multiple unspecified flaws exist in the Storage
    Management subcomponent that allow an unauthenticated,
    remote attacker to impact integrity. (CVE-2013-5827,
    CVE-2013-5828)");
  # http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ac29c174");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2013 Oracle
Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_plugin_for_database_control");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("telnet_func.inc");
include("hostlevel_funcs.inc");


if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

# Only the following OSes are currently supported
unsupported = 1;
if (
  get_kb_item("Host/CentOS/release") ||
  get_kb_item("Host/Debian/release") ||
  get_kb_item("Host/FreeBSD/release") ||
  get_kb_item("Host/Gentoo/release") ||
  get_kb_item("Host/HP-UX/version") ||
  get_kb_item("Host/Mandrake/release") ||
  get_kb_item("Host/RedHat/release") ||
  get_kb_item("Host/Slackware/release") ||
  get_kb_item("Host/Solaris/Version") ||
  get_kb_item("Host/SuSE/release") ||
  get_kb_item("Host/Ubuntu/release") ||
  get_kb_item("Host/AIX/version")
) unsupported = 0;

if (unsupported) exit(0, "Oracle Database Management Plug-In checks are not supported on the remote OS at this time.");

# We may support other protocols here
if ( islocalhost() )
{
  if (!defined_func("pread")) exit(1, "'pread()' is not defined.");
  info_t = INFO_LOCAL;
}
else
{
  sock_g = ssh_open_connection();
  if (!sock_g) audit(AUDIT_FN_FAIL, 'ssh_open_connection');
  info_t = INFO_SSH;
}

# Find the inventory.xml file and read it in
# Parse the results to get the paths and version of the DB plugins
info = "";
cmd =
  'cat /etc/oraInst.loc | ' +
  'grep -h "inventory_loc=" | ' +
  'sed \'s/inventory_loc=\\(.*\\)/\\1\\/ContentsXML\\/inventory.xml/g\' | xargs cat';

paths = make_array();
buf = info_send_cmd(cmd:cmd);
if (buf)
{
  buf = chomp(buf);
  if ('HOME NAME="oms12c' >< buf)
  {
    chunk = strstr(buf, '<HOME NAME="oms12c') - '<HOME NAME="oms12c';
    chunk = strstr(chunk, '<REFHOMELIST>') - '<REFHOMELIST>';
    chunk = chunk - strstr(chunk, '</REFHOMELIST>');
    chunk = chomp(chunk);

    foreach item (split(chunk))
    {
      path = '';
      # If the item is a DB 12.1.0.3 or 12.1.0.4 plugin, save the path
      if (item =~ "/oracle\.sysman\.db\.oms\.plugin_[^/0-9]*12\.1\.0\.[2-4]($|[^0-9])")
      {
        path = ereg_replace(pattern:'^\\s+<REFHOME LOC="([^"]+)".*', string:item, replace:"\1");
        version = strstr(path, 'plugin_') - 'plugin_';
        paths[version] = path;
      }
    }
  }
}

if (max_index(keys(paths)) == 0)
{
  if (info_t == INFO_SSH) ssh_close_connection();
  exit(0, "No affected Oracle Database Management Plug-Ins were detected on the remote host.");
}

# Loop over the DB Management Plug-In paths
info = '';
foreach version (keys(paths))
{
  if ('12.1.0.2' >< version) patchid = '15985383';
  else if ('12.1.0.3' >< version) patchid = '17171101';
  else if ('12.1.0.4' >< version) patchid = '17366505';

  path = paths[version];
  buf = info_send_cmd(cmd:"cat " + path + "/.patch_storage/interim_inventory.txt");

  if (!buf)
    info += '  ' + version + '\n';
  else
  {
    # Parse the file to see what patches have been installed
    buf = chomp(buf);
    chunk = strstr(buf, '# apply: the patch to be applied.') - '# apply: the patch to be applied.';
    chunk = chunk - strstr(chunk, '# apply: list of patches to be auto-rolled back.');
    chunk = chomp(substr(chunk, 1));

    if (patchid >!< chunk)
      info += '  ' + version + '\n';
  }
}
if (info_t == INFO_SSH) ssh_close_connection();

if (info)
{
  if (report_verbosity > 0)
  {
    report +=
      '\nThe following affected Oracle Database Managment Plug-Ins were detected' +
      '\non the remote host :' +
      '\n' +
      info;
    security_warning(port:0, extra:report);
  }
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, 'affected');