CIA Security Research, Security Alerts, Security Tools for Application Security

- Top Vulnerabilities

- Resources

- Alerts

- Disclosure Guidelines

- Library Updates

- Cenzic Newsletter

- White Paper Download

CIA RESEARCH

Alerts

[CIA-1027-Alert] Oracle Reports Remote Command Execution via Malicious Report Content

Summary:

A remote authenticated user with file upload privileges on the system can run arbitrary operating system commands on the target system.

Technical Details:

The Oracle Reports Server allows reports executables to be executed by any user on the server. By creating a report containing the ORA_FFI call, a report is allowed to execute system commands. Commands are executed in the context of user Oracle, or with SYSYEM privileges on Microsoft Windows. A maliciously crafted report could perform any OS-level command, allowing a malicious user disclose or alter system files, change system configuration, obtain access to critical system security files (.SAM), or install backdoors. Authentication is required to exploit this vulnerability. By crafting and subsequently uploading a malicious report, a user can perform a wide range of malicious activities. Once uploaded, the report can be executed by supplying a special parameter via the web interface.

Solution:

Consult the document below for available workarounds for this security issue:

Red Database Security: Oracle Reports Run Any OS Command

Additionally, customers using Oracle products should apply Critical Patch update for July 2005. The vulnerability discussed in this alert is not fixed by the critical patch update, however, the critical patch update does address other high risk security issues.

http://www.oracle.com/technology/deploy/security
/pdf/cpujul2005.html

CVE Reference:

GENERIC-MAP-NOMATCH

SecurityTracker Number(s):

1014523

Vendor URL:

http://www.oracle.com

About the Cenzic CIA Team:

Cenzic Intelligent Analysis (CIA) is Cenzic’s research arm that focuses on continuous research for application vulnerabilities. Industry Research, Vulnerability assessment, penetration testing, and security testing — that’s what Cenzic Intelligent Analysis Research is all about. Cenzic has dedicated experts whose sole job is to perform ongoing research to find not only common vulnerabilities but also vulnerabilities found in customer applications and make them available to our customers and to the community at large.

About Cenzic:

Cenzic provides Hailstorm®, the revolutionary enterprise software suite for automated application security assessment and compliance that allows corporations and government organizations to dramatically improve the security of commercial and custom applications. Hailstorm enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, and verify compliance with security policies. Benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic’s customers are currently in the financial services and
e-marketplaces sectors. For more information visit www.cenzic.com or call 1-866-4-CENZIC


>	Datasheet: Hailstorm Enterprise ARC
>	Datasheet: Hailstorm Pro
>	Datasheet: Hailstorm Starter
>	Datasheet: Hailstorm Core
>	White Paper: Beyond Simple Vulnerabilities Scanning
>	White Paper: Cross Frame Scripting
>	White Paper: Cenzic Imperative Assessment Plan
>	White Paper: Enabling Security in the Software Development Lifecycle (PDF)