Oracle Database Server UTL_FILE Directory Traversal File Access

medium Nessus Network Monitor Plugin ID 2680

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files.

Description

The remote host appears to be running a vulnerable version of Oracle Database Server. An authenticated user can craft SQL queries such that they would be able to retrieve any file on the system. An attacker exploiting this flaw would need a valid account and would need to be able to connect to the Oracle service (typically on port 2972). The attacker would retrieve and/or potentially modify confidential data on the target Oracle server.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.argeniss.com/research/ARGENISS-ADV-030501.txt

http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf

http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032273.html

Plugin Details

Severity: Medium

ID: 2680

Family: Database

Published: 3/8/2005

Updated: 3/6/2019

Nessus ID: 17654

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:oracle:database_server

Reference Information

CVE: CVE-2005-0701

BID: 12749