PT-2010-1896 · Oracle · Oracle Secure Backup

Published 2010-01-12 · Updated 2012-10-23 · CVE-2010-0072

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Secure Backup version 10.2.0.3

Description

The issue affects confidentiality, integrity, and availability. It is reportedly a buffer overflow in observiced.exe that allows remote attackers to execute arbitrary code via vectors related to a "reverse lookup of connections" to TCP port 10000, specifically the API endpoint associated with that port.

Recommendations

For Oracle Secure Backup version 10.2.0.3, consider disabling the observiced.exe component to minimize the risk of exploitation until a patch is available. Restrict access to TCP port 10000 to reduce the attack surface.

Fix


Related Identifiers

CVE-2010-0072
ZDI-10-002

Affected Products

Oracle Secure Backup