Vulnerabilities > CVE-2018-2913 - Out-of-bounds Write vulnerability in Oracle Goldengate 12.1.2.1.0/12.2.0.2.0/12.3.0.1.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
oracle
CWE-787
nessus
NVD
Published: 2018-10-17
Updated: 2020-08-24

Summary

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Monitoring Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate. Note: For Linux and Windows platforms, the CVSS score is 9.0 with Access Complexity as High. For all other platforms, the cvss score is 10.0. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Vulnerable Configurations

Part Description Count
Application
Oracle
3

Common Weakness Enumeration (CWE)

Nessus

NASL familyMisc.
NASL idORACLE_GOLDENGATE_CPU_OCT_2018.NASL
descriptionThe version of Oracle GoldenGate installed on the remote host is affected by the following vulnerabilities as noted in the October 2018 CPU advisory : - A denial of service (DoS) vulnerability exists in the manager component of GoldenGate. An unauthenticated, remote attacker can exploit this by sending a malformed command via TCP, to cause the application to stop responding. (CVE-2018-2912, CVE-2018-2914) - A stack-based buffer overflow condition exists in the manager component of GoldenGate. An unauthenticated, remote attacker can exploit this by sending a malformed command via TCP, to cause a denial of service condition or the execution of arbitrary code. (CVE-2018-2913)
last seen2020-06-04
modified2020-03-02
plugin id134205
published2020-03-02
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/134205
titleOracle GoldenGate Multiple Vulnerabilities (October 2018 CPU)
code
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(134205);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/02");

  script_cve_id("CVE-2018-2912", "CVE-2018-2913", "CVE-2018-2914");
  script_bugtraq_id(105651);

  script_name(english:"Oracle GoldenGate Multiple Vulnerabilities (October 2018 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"A real-time data integration and replication application installed on the remote host is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle GoldenGate installed on the remote host is affected by the following vulnerabilities as noted in
the October 2018 CPU advisory :

  - A denial of service (DoS) vulnerability exists in the manager component of GoldenGate. An unauthenticated,
    remote attacker can exploit this by sending a malformed command via TCP, to cause the application to stop
    responding. (CVE-2018-2912, CVE-2018-2914)
  
  - A stack-based buffer overflow condition exists in the manager component of GoldenGate. An unauthenticated,
    remote attacker can exploit this by sending a malformed command via TCP, to cause a denial of service
    condition or the execution of arbitrary code. (CVE-2018-2913)");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2018-31");
  # https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?705136d8");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2018 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-2913");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:goldengate");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_goldengate_installed.nbin");
  script_require_keys("Oracle/GoldenGate/Installed");

  exit(0);
}

include('oracle_rdbms_cpu_func.inc');

get_kb_item_or_exit('Oracle/GoldenGate/Installed');
installs = get_kb_list_or_exit('Oracle/GoldenGate/*/Version');

patches = make_array();
patches['12.1.2.1'] = make_list(
  '28696808', # Oracle GoldenGate 12.1.2.1.181016 for Oracle 11g
  '28696813'  # Oracle GoldenGate 12.1.2.1.181016 for Oracle 12c
);
patches['12.2.0.2'] = make_list(
  '28651607', # Oracle GoldenGate 12.2.0.2.181009 for Oracle 11g
  '28651610', # Oracle GoldenGate 12.2.0.2.181009 for Oracle 12c
  '30619259'  # Oracle GoldenGate 12.2.0.2.200218 for Oracle 12c
);
patches['12.3.0.1'] = make_list(
  '28498482', # Oracle GoldenGate 12.3.0.1.180821 for Oracle 11g
  '28498505', # Oracle GoldenGate 12.3.0.1.180821 for Oracle 12c
  '30341565'  # Oracle GoldenGate 12.3.0.1.191015 
);

# security hole
oracle_product_check_vuln(
  product  : 'Oracle GoldenGate',
  installs : installs,
  kbprefix : 'Oracle/GoldenGate/',
  patches  : patches,
  high_risk: TRUE
);

References