Oracle Secure Backup 10.2.0.3 login.php Username memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.9 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Oracle Secure Backup 10.2.0.3. It has been declared as critical. The impacted element is an unknown function of the file login.php. Such manipulation of the argument Username leads to memory corruption. This vulnerability is traded as CVE-2009-1978. Furthermore, there is an exploit available.
Details
A vulnerability, which was classified as critical, has been found in Oracle Secure Backup 10.2.0.3 (Backup Software). Affected by this issue is some unknown processing of the file login.php. The manipulation of the argument username with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows attackers to bypass authentication via unknown vectors involving the username parameter and login.php.
The weakness was shared 07/14/2009 by ikki with Oracle (Website). The advisory is available at securityfocus.com. This vulnerability is handled as CVE-2009-1978 since 06/08/2009. The exploitation is known to be easy. The attack may be launched remotely. Required for exploitation is a simple authentication. Technical details as well as a public exploit are known.
A public exploit has been developed by ikki in Shell File and been published 3 months after the advisory. The exploit is available at securityfocus.com. It is declared as highly functional. As 0-day the estimated underground price was around $25k-$100k. By approaching the search of inurl:login.php it is possible to find vulnerable targets with Google Hacking. The commercial vulnerability scanner Qualys is able to test this issue with plugin 19500 (Oracle Secure Backup Authentication Bypass and Remote Code Execution Vulnerabilities).
A possible mitigation has been published before and not just after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 8778.
The vulnerability is also documented in the databases at X-Force (51762), Exploit-DB (9652), SecurityFocus (BID 35678†), OSVDB (55904†) and Secunia (SA35776†). The entries VDB-49043, VDB-49042, VDB-49041 and VDB-49040 are related to this item. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.oracle.com
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.9VulDB Meta Temp Score: 9.9
VulDB Base Score: 9.9
VulDB Temp Score: 9.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Highly functional
Author: ikki
Programming Language: 🔍
Download: 🔍
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Saint ID: exploit_info/oracle_secure_backup_property_box_type
Saint Name: Oracle Secure Backup property_box.php type parameter command execution
Qualys ID: 🔍
Qualys Name: 🔍
MetaSploit ID: osb_execqr2.rb
MetaSploit Name: Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
06/08/2009 🔍07/14/2009 🔍
07/14/2009 🔍
07/14/2009 🔍
07/14/2009 🔍
07/14/2009 🔍
07/15/2009 🔍
07/15/2009 🔍
07/15/2009 🔍
07/15/2009 🔍
09/14/2009 🔍
09/14/2009 🔍
03/17/2015 🔍
04/07/2025 🔍
Sources
Vendor: oracle.comAdvisory: securityfocus.com⛔
Researcher: ikki
Organization: Oracle
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2009-1978 (🔍)
GCVE (CVE): GCVE-0-2009-1978
GCVE (VulDB): GCVE-100-49034
X-Force: 51762
SecurityFocus: 35678 - Oracle Secure Backup CVE-2009-1978 Arbitrary Command Execution Vulnerability
Secunia: 35776 - Oracle Products Multiple Vulnerabilities, Highly Critical
OSVDB: 55904 - Oracle Secure Backup property_box.php Crafted Request Arbitrary Command Execution
SecurityTracker: 1022565 - Oracle Secure Enterprise Search Bugs Let Remote Users Execute Arbitrary Code
Vulnerability Center: 22885 - [cpujul2009-091332] Oracle Secure Backup 10 - 10.2.0.3 Valid Session Unspecified Vulnerability, High
Vupen: ADV-2009-1900
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 03/17/2015 23:38Updated: 04/07/2025 10:04
Changes: 03/17/2015 23:38 (72), 02/11/2017 10:44 (26), 04/07/2025 10:04 (18)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.