Credit:
The information has been provided by zdi-disclosures@tippingpoint.com.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-09-059
Vulnerable Systems:
* Oracle Secure Backup
The specific flaw exists in the handling of various variables passed to the script property_box.php, which is used by the administration server running on port 443. Due to improper filtering of user data, a specially crafted request could lead to arbitrary commands being executed under the credentials of the SYSTEM account.
Oracle has issued an update to correct this vulnerability. More details can be found at: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
CVE Information:
CVE-2009-1978
Disclosure Timeline:
2009-03-26 - Vulnerability reported to vendor
2009-08-18 - Coordinated Public Disclosure