Oracle Secure Backup Administration Server Authentication Bypass

Nessus Plugin ID 40989 (Critical)

Synopsis

The remote web server contains a PHP application that allows an attacker to bypass authentication.

Description

The remote web server is the Administration Server for Oracle Secure Backup, a centralized tape backup management software application.

The installed version of Oracle Secure Backup allows a remote attacker to bypass authentication using a specially crafted username, such as '--fakeoption'.

An unauthenticated, remote attacker can leverage this issue to bypass authentication and gain administrative access to the application.
Under Windows, this can lead to a complete system compromise.

Note that this install is also likely to be affected by multiple command injection vulnerabilities, although Nessus has not checked for them.

Solution

Upgrade to Oracle Secure Backup version 10.2.0.3 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-09-058/

https://seclists.org/fulldisclosure/2009/Aug/249

https://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html

Plugin Details

Severity: Critical

ID: 40989

File Name: osb_fakeoption_auth_bypass.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 9/14/2009

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:oracle:secure_backup

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 7/14/2009

Vulnerability Publication Date: 8/18/2009

Exploitable With

Core Impact

Elliot (Oracle Secure Backup 10.3.0.1 RCE)

Reference Information

CVE: CVE-2009-1977

BID: 35672