|
|
>> Oracle Reports and Oracle Forms Multiple Unpatched Vulnerabilities
|
Multiple vulnerabilities were identified in Oracle Reports and Oracle Forms, which could be exploited by attackers to execute arbitrary commands, disclose sensitive information, overwrite arbitrary files or conduct cross site scripting attacks.
- The first issue is due to an input validation error in Oracle Forms when processing a specially crafted "form" or "module" parameter, which could be exploited by a malicious user able to upload a specially crafted forms executable (.fmx) to run arbitrary commands with SYSTEM or ORACLE privileges.
- The second flaw is due to an input validation error in Oracle Reports when processing a specially crafted "report" parameter, which could be exploited by a malicious user able to upload a specially crafted reports executables (.rep or .rdf) to run arbitrary commands with SYSTEM or ORACLE privileges.
- The third vulnerability is due to an input validation error in Oracle Reports when processing a specially crafted "desname" parameter, which could be exploited by attackers to overwrite arbitrary files on a vulnerable system.
- The fourth issue is due to an input validation error in Oracle Reports when processing a specially crafted "desformat" parameter, which could be exploited by attackers to disclose the content of arbitrary files.
- The fifth flaw is due to an input validation error in Oracle Reports when processing a specially crafted "customize" parameter, which could be exploited by attackers to disclose the content of arbitrary files.
- The sixth vulnerability is due to an input validation error in Oracle Reports when processing specially crafted "debug", "test", "delimiter" and "cellwrapper" parameters, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.
Affected Products
Oracle Forms 4.5
Oracle Forms 5.0
Oracle Forms 6.0
Oracle Forms 6i
Oracle Forms 9i
Oracle Forms 10g
Oracle Reports 6.0
Oracle Reports 6i
Oracle Reports 9i
Oracle Reports 10g
Oracle Application Server
Oracle E-Business Suite
Solution
Apply patches :
http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
References
http://www.vupen.com/english/advisories/2005/1140
http://www.red-database-security.com/advisory/oracle_forms_run_any_os_command.html
http://www.red-database-security.com/advisory/oracle_reports_run_any_os_command.html
http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html
http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html
http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html
http://www.red-database-security.com/advisory/oracle_reports_various_css.html
Credits
Vulnerabilities reported by Alexander Kornbrust
ChangeLog
2005-07-19 : Initial release
2006-01-18 : Updated Solution
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
