Overview
Oracle Enterprise Manager Oracle Agent contains a buffer overflow vulnerability. Exploitation may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges.
Description
The Oracle Agent provides remote management services for Oracle Enterprise Manager. A lack of input validation in the Oracle Agent may allow a buffer overflow to occur. A remote attacker may be able to trigger the buffer overflow by sending a specially crafted HTTP request to a vulnerable Oracle Agent installation. We currently believe this vulnerability to be Oracle Vuln# EM01, which is listed in the Oracle Critical Patch Update for October 2005.
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code, possibly with elevated (SYSTEM) privileges.
Solution
Apply updates
Apply the appropriate patch or upgrade as specified in the Oracle Critical Patch Update for October 2005.
Acknowledgements
This vulnerability was reported by Oracle, SPI Dynamics, and Alexander Kornbrust of red-database security.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | None |
| Severity Metric: | 8.40 |
| Date Public: | 2005-10-18 |
| Date First Published: | 2005-10-20 |
| Date Last Updated: | 2005-10-21 17:39 UTC |
| Document Revision: | 15 |