Vulnerability Note VU#865948

Oracle Enterprise Manager Oracle Agent contains a buffer overflow

Overview

Oracle Enterprise Manager Oracle Agent contains a buffer overflow vulnerability. Exploitation may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges.

I. Description

The Oracle Agent provides remote management services for Oracle Enterprise Manager. A lack of input validation in the Oracle agent may allow a buffer overflow to occur. A remote attacker may be able to trigger the buffer overflow by sending a specially crafted HTTP request to a vulnerable Oracle Agent installation.

We currently believe this vulnerability to be Oracle Vuln# EM01, which listed in the Oracle Critical Patch Update for October 2005.

II. Impact

A remote, unauthenticated attacker to execute arbitrary code, possibly with elevated (SYSTEM) privileges

III. Solution

Apply updates

Apply the appropriate patch or upgrade as specified in the Oracle Critical Patch Update for October 2005.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Oracle Corporation	Vulnerable	20-Oct-2005

References

http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
http://www.spidynamics.com/spilabs/advisories/oracle-emagentoverflow.html
http://www.red-database-security.com/advisory/details_oracle_cpu_october
http://secunia.com/advisories/17250/

Credit

This vulnerability was reported by Oracle, SPI Dynamics, and Alexander Kornbrust of red-database security.

This document was written by Jeff Gennari.

Other Information

Date Public:	2005-10-18
Date First Published:	2005-10-20
Date Last Updated:	2005-10-21
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	8.40
Document Revision:	15

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2005 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader