Oracle Enterprise Manager Suite Remote File Upload and SQL Injection


Description   Two vulnerabilities have been identified in Oracle Enterprise Manager Suite, which could be exploited by remote attackers to gain knowledge of sensitive information or execute arbitrary code.
The first issue is caused by an input validation error in a JSP script within the Client System Analyzer component when handling uploaded XML files, which could be exploited by unauthenticated attackers to upload a malicious file and compromise a vulnerable system.
The second vulnerability is caused by an error in the Real User Experience Insight component when parsing log files, which could be exploited to conduct SQL injection attacks.
     
Vulnerable Products   Vulnerable Software:
Oracle Enterprise Manager Grid ControlOracle Enterprise Manager Suite Release 10 version 10.2.0.5Oracle Enterprise Manager Real User Experience Insight version RUEI 6.0
     
Solution   Apply Oracle Critical Patch Update - January 2011 : http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
     
CVE   CVE-2010-3600
CVE-2010-3594
     
References   http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.zerodayinitiative.com/advisories/ZDI-11-018/
http://www.zerodayinitiative.com/advisories/ZDI-11-016/
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Escaped NULL char in URL
3.2.0
     


 
 
 
 
 Risk level 
High 

 Vulnerability First Public Report Date 
2011-01-19 

 Target Type 
Server 

 Possible exploit 
Local & Remote