Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-2371
Last Modified: 22 Oct 2012 09:47:04
Published: 26 Jul 2005 12:00:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-2371

Summary

Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.

Vulnerable Systems

Application

  • Oracle Reports 10g

  • Oracle Reports 6.0

  • Oracle Reports 6i

  • Oracle Reports 9i


References

XF - oracle-january2006-update(24321)

VUPEN - ADV-2006-0323

BID - 14309

BUGTRAQ - 20060117 Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)

MISC - http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html

SECTRACK - 1014524

SECUNIA - 18608

SECUNIA - 18493

BUGTRAQ - 20050719 Oracle Security Advisory: Overwrite any file via desname in Oracle Reports

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html


Last Updated: 27 May 2016 11:01:12