PT-2010-1896 · Oracle · Oracle Secure Backup

Published: 2010-01-12 · Updated: 2012-10-23 · CVE-2010-0072

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Oracle Secure Backup version 10.2.0.3

Description: The issue affects confidentiality, integrity, and availability. It is reportedly related to a buffer overflow in observiced.exe that allows remote attackers to execute arbitrary code via vectors related to a "reverse lookup of connections" to TCP port 10000, specifically the API endpoint on that port.

Recommendations: For Oracle Secure Backup version 10.2.0.3, consider disabling the observiced.exe component to minimize the risk of exploitation until a patch is available. Restrict access to TCP port 10000 to reduce the attack surface.

Fix

Related identifiers

CVE-2010-0072
ZDI-10-002

Affected products

Oracle Secure Backup