CVE-2013-5763 - Stack Buffer Overflow vulnerability in Oracle Fusion Middleware 8.4

047910
CVSS: 1.5 - LOW
Attack vector: LOCAL
Attack complexity: MEDIUM
Privileges required: SINGLE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: local, oracle, nessus

Summary

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance.

NOTE: the original disclosure of this issue erroneously mapped it to CVE-2013-3624.

Per: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html "Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8."

Vulnerable Configurations

Part         Description  Count
Application  Oracle       1

Msbulletin

bulletin_id: MS13-105
bulletin_url:
date: 2013-12-10T00:00:00
impact: Remote Code Execution
knowledgebase_id: 2915705
knowledgebase_url:
severity: Critical
title: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution

Nessus

  • NASL family: CGI abuses
    NASL id: WEBSPHERE_PORTAL_CVE-2013-5791.NASL
    description: The version of IBM WebSphere Portal on the remote host is affected by multiple remote code execution vulnerabilities in the Outside In Technology component : - A stack overflow in the Filters subcomponent of the OS/2 Metafile Parser. (CVE-2013-5763) - A stack overflow in the Microsoft Access database file format parser. (CVE-2013-5791) A remote attacker can use specially crafted files to cause a buffer overflow and execute arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73499
    published: 2014-04-14
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73499
    title: IBM WebSphere Portal Outside In Technology Multiple Overflows (PI07290)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(73499);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id("CVE-2013-5763", "CVE-2013-5791");
      script_bugtraq_id(63076, 63741);
      script_xref(name:"EDB-ID", value:"31222");
      script_xref(name:"CERT", value:"953241");
    
      script_name(english:"IBM WebSphere Portal Outside In Technology Multiple Overflows (PI07290)");
      script_summary(english:"Checks for installed patches.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has web portal software installed that is
    affected by multiple remote code execution vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of IBM WebSphere Portal on the remote host is affected by
    multiple remote code execution vulnerabilities in the Outside In
    Technology component :
    
      - A stack overflow in the Filters subcomponent of the
        OS/2 Metafile Parser. (CVE-2013-5763)
    
      - A stack overflow in the Microsoft Access database
        file format parser. (CVE-2013-5791)
    
    A remote attacker can use specially crafted files to cause a buffer
    overflow and execute arbitrary code.");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21660640");
      script_set_attribute(attribute:"see_also", value:"http://xforce.iss.net/xforce/xfdb/87925");
      script_set_attribute(attribute:"see_also", value:"http://xforce.iss.net/xforce/xfdb/88557");
      script_set_attribute(attribute:"solution", value:
    "IBM has published Interim Fix PI07290. This fix is a part of 7.0.0.2
    CF27 and 8.0.0.1 CF10. Refer to IBM's advisory for more information.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5791");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/10/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/14");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    include("websphere_portal_version.inc");
    
    # A workaround is available
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    websphere_portal_check_version(
      ranges:make_list(
        "6.0.0.0, 6.0.0.1",
        "6.1.0.0, 6.1.0.6, CF27",
        "6.1.5.0, 6.1.5.3, CF27",
        "7.0.0.0, 7.0.0.2, CF25",
        "8.0.0.0, 8.0.0.1, CF08"
      ),
      fix:"PI07290",
      severity:SECURITY_NOTE
    );
    
  • NASL family: Windows : Microsoft Bulletins
    NASL id: SMB_NT_MS13-105.NASL
    description: The version of Microsoft Exchange installed on the host is affected by the following vulnerabilities : - A code execution vulnerability exists that could allow an attacker to execute arbitrary code in the context of the OWA service account. (CVE-2013-1330) - A cross-site scripting vulnerability exists in OWA in which an attacker could elevate their privileges and run a script in the context of the current user. (CVE-2013-5072) - Two code execution vulnerabilities exist in the WebReady Document Viewing feature of Outlook Web Access. Code execution is limited to the LocalService account. In addition, a denial of service vulnerability exists in the DLP feature of Exchange 2013. (CVE-2013-5763, CVE-2013-5791)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71320
    published: 2013-12-11
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71320
    title: MS13-105: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71320);
      script_version("1.15");
      script_cvs_date("Date: 2019/01/10 15:44:14");
    
      script_cve_id(
        "CVE-2013-1330",
        "CVE-2013-5072",
        "CVE-2013-5763",
        "CVE-2013-5791"
      );
      script_bugtraq_id(62221, 63076, 63741, 64085);
      script_xref(name:"CERT", value:"953241");
      script_xref(name:"CERT", value:"959313");
      script_xref(name:"EDB-ID", value:"31222");
      script_xref(name:"MSFT", value:"MS13-105");
      script_xref(name:"MSKB", value:"2880833");
      script_xref(name:"MSKB", value:"2905616");
      script_xref(name:"MSKB", value:"2903911");
      script_xref(name:"MSKB", value:"2903903");
    
      script_name(english:"MS13-105: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)");
      script_summary(english:"Checks version of vshwp2.dll.");
    
      script_set_attribute(attribute:"synopsis", value:"The remote mail server has multiple vulnerabilities.");
      script_set_attribute(
        attribute:"description",
        value:
    "The version of Microsoft Exchange installed on the host is affected by
    the following vulnerabilities :
    
      - A code execution vulnerability exists that could allow
        an attacker to execute arbitrary code in the context of
        the OWA service account. (CVE-2013-1330)
    
      - A cross-site scripting vulnerability exists in OWA in
        which an attacker could elevate their privileges and run
        a script in the context of the current user.
        (CVE-2013-5072)
    
      - Two code execution vulnerabilities exist in the WebReady
        Document Viewing feature of Outlook Web Access. Code
        execution is limited to the LocalService account.  In
        addition, a denial of service vulnerability exists in
        the DLP feature of Exchange 2013. (CVE-2013-5763,
        CVE-2013-5791)"
      );
      script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-105");
      script_set_attribute(
        attribute:"solution",
        value:
    "Microsoft has released a set of patches for Exchange 2007 SP3, 2010 SP2
    and SP3, 2013 CU2 and CU3."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/11");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:exchange_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
    
      script_dependencies("ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("smb_hotfixes_fcheck.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');
    
    port = kb_smb_transport();
    
    bulletin = 'MS13-105';
    kbs = make_list(
      '2880833', # Exchange 2013 CU2 & CU3
      '2905616', # Exchange 2010 SP3 - Rollup 4
      '2903911', # Exchange 2007 SP3 - Rollup 12
      '2903903'  # Exchange 2010 SP2 - Rollup 8
    );
    
    if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    
    get_kb_item_or_exit('SMB/Registry/Enumerated');
    
    version = get_kb_item_or_exit('SMB/Exchange/Version');
    sp = int(get_kb_item('SMB/Exchange/SP'));
    
    # bail out if one of the following affected configurations is not seen
    if (version != 80 && version != 140 && version != 150) # not 2007, 2010 or 2013
      audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', version);
    else if (version == 80 && sp != 3) # not 2007 SP3
      audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', '2007 SP' + sp);
    else if (version == 140 && sp != 2 && sp != 3) # not 2010 SP2 or SP3
      audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', '2010 SP' + sp);
    else if (version == 150 && sp != 0) # not 2013 CU2 or CU3 (no SP)
      audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', '2013 SP' + sp);
    
    exch_root = get_kb_item_or_exit('SMB/Exchange/Path', exit_code:1);
    if (exch_root[strlen(exch_root) - 1] != "\") # add a trailing backslash if necessary
      exch_root += "\";
    share = hotfix_path2share(path:exch_root);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    if (version == 80 && sp == 3) # 2007 SP3
      kb = '2903911';
    else if (version == 140 && sp == 2) # 2010 SP2
      kb = '2903903';
    else if (version == 140 && sp == 3) # 2010 SP3
      kb = '2905616';
    else if (version == 150) # 2013 CU2 and CU3
      kb = '2880833';
    
    # If Exchange 2013 is installed, make sure it is CU2 or CU3 before continuing
    if (version == 150)
    {
      exe = exch_root + "Bin\msexchangerepl.exe";
      ret = hotfix_get_fversion(path:exe);
      if (ret['error'] != HCF_OK)
      {
        hotfix_check_fversion_end();
        audit(AUDIT_FN_FAIL, 'hotfix_get_fversion');
      }
      exe_ver = join(ret['value'], sep:'.');
    
      if (
        exe_ver !~ "^15\.0\.712\." && # 2013 CU2
        exe_ver !~ "^15\.0\.775\."    # 2013 CU3
      )
      {
        hotfix_check_fversion_end();
        audit(AUDIT_INST_VER_NOT_VULN, 'Exchange 2013', exe_ver);
      }
    }
    
    ooi_path = exch_root + "ClientAccess\Owa\Bin\DocumentViewing";
    file = 'vshwp2.dll';
    
    if (hotfix_is_vulnerable(path:ooi_path, file:file, version:'8.4.1.18', bulletin:bulletin, kb:kb))
    {
      set_kb_item(name:'SMB/Missing/' + bulletin, value:TRUE);
      set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, 'affected');
    }
    

Seebug

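bulletinFamily: exploit
description: CVE ID: CVE-2013-5763. Oracle Fusion Middleware is a fusion middleware product developed by Oracle. The Oracle Outside In Technology component in Oracle Fusion Middleware contains an unspecified security vulnerability that allows remote attackers to execute arbitrary code in the context of the application; the vulnerability is related to Outside In Maintenance. This vulnerability was originally mapped in error to CVE-2013-3624. Oracle Fusion Middleware 8.4.0. Vendor patch: Oracle. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
id: SSV:61129
last seen: 2017-11-19
modified: 2013-12-16
published: 2013-12-16
reporter: Root
title: Oracle Fusion Middleware Oracle Outside In Technology Unspecified Code Execution Vulnerability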