Summary:
---------------
CVE-ID: CVE-2013-1362
CVSS: Base Score 7.5
CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:UC/CDP:N/TD:N/CR:L/IR:L/AR:L
Vendor: Nagios
Affected Products: NRPE
Affected Platforms: All
Affected versions: < 2.14
Remote Exploitable: Yes
Local Exploitable: No
Patch Status: Vendor released a patch (See Solution)
URL: http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability
Description
----------------
nrpe 2.13 has, in src/nrpc.c, line 52:
#define NASTY_METACHARS "|`&><'\"\\[]{};"
Because $, ( and ) are not in this list, the sequence $() is passed
through to plugins/scripts. If the plugin runs under bash, the shell
executes the enclosed command in a subprocess and substitutes its
output as a parameter to the called script. Using this, it is possible
to get called scripts, such as check_http, to execute arbitrary
commands under the uid that NRPE/nagios is running as (typically
'nagios').
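As an added illustration (not code from NRPE or from the advisory), the check below runs the 2.13 blocklist quoted above against two constructed arguments and compares it with a hardened blocklist and an allowlist; the hardened list and the allowlist character set are assumptions for this example, not the vendor's 2.14 patch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Blocklist as quoted from NRPE 2.13 in the advisory above. */
#define NASTY_METACHARS_213 "|`&><'\"\\[]{};"

/* Hardened blocklist: the 2.13 list plus the characters that form $().
 * This extension is an assumption for illustration, not the vendor's 2.14 patch. */
#define NASTY_METACHARS_HARDENED NASTY_METACHARS_213 "$()"

/* strpbrk-style blocklist check: returns 1 if any character of 'nasty' occurs in 'arg'. */
int contains_nasty_metachars(const char *arg, const char *nasty)
{
    return strpbrk(arg, nasty) != NULL;
}

/* Allowlist check (the safer design): accept only alphanumerics plus a small
 * set of punctuation typical for plugin arguments. The set is an assumption. */
int arg_is_allowlisted(const char *arg)
{
    static const char extra[] = "-_.:/=,@ ";
    for (const char *p = arg; *p != '\0'; p++) {
        if (isalnum((unsigned char)*p) || strchr(extra, *p) != NULL)
            continue;
        return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample arguments: one benign, one carrying a $() substitution. */
    const char *samples[] = { "-H localhost -p 80", "-H $(hostname)" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-20s 2.13 blocklist: %s  hardened: %s  allowlist: %s\n", samples[i],
               contains_nasty_metachars(samples[i], NASTY_METACHARS_213) ? "REJECT" : "pass",
               contains_nasty_metachars(samples[i], NASTY_METACHARS_HARDENED) ? "REJECT" : "pass",
               arg_is_allowlisted(samples[i]) ? "pass" : "REJECT");
    }
    return 0;
}
```

The 2.13 blocklist lets the second argument through unchanged, which is exactly the gap the advisory describes; either the extended blocklist or the allowlist rejects it.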
Solution
------------
Upgrade to NRPE 2.14 or later, available at
http://sourceforge.net/projects/nagios/files/nrpe-2.x/
Courtesy: securityfocus.com
Cross-site scripting in Oracle Enterprise Manager (advReplicationAdmin)
TeamSHATTER Security Advisory
February 20, 2013
Risk Level:
High
Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3
Remote exploitable:
Yes
Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of
Application Security Inc.
Details:
Cross-site scripting vulnerabilities occur when an attacker tricks a
legitimate web application into sending malicious code, generally in the form
of a script, to an unsuspecting end user. The attack usually involves crafting
a hyperlink with malicious script code embedded within it. A valid user is
likely to click this link since it points to a resource on a trusted domain.
The link can be posted on a web page, or sent in an instant message, or email.
Clicking on the link executes the attacker-injected code in the context of the
trusted web application. Typically, the code steals session cookies, which can
then be used to impersonate a valid user.
There are instances of XSS vulnerabilities in the Distributed/Cross DB
Features of Oracle Enterprise Manager. For example, the web page
/em/console/database/dist/advRepl/advReplicationAdmin is vulnerable to this
kind of attack.
Impact:
Attackers might steal an administrator's session cookies, thereby allowing the
attacker to impersonate the valid user.
Vendor Status:
Vendor was contacted and a patch was released.
Workaround:
There is no workaround for this vulnerability.
Fix:
Apply January 2013 CPU.
CVE:
CVE-2013-0355
Links:
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.teamshatter.com/?p=4162
Timeline:
Vendor Notification - 6/25/2012
Vendor Response - 6/29/2012
Fix - 1/15/2013
Public Disclosure - 2/20/2013
_____________________________________________
Copyright (c) 2013 Application Security, Inc.
http://www.appsecinc.com
Courtesy: securityfocus.com
TeamSHATTER Security Advisory
SQL Injection in Oracle Enterprise Manager (Resource Manager)
February 20, 2013
Risk Level:
High
Affected versions:
Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5,
11.1.0.7, 11.2.0.2, 11.2.0.3
Remote exploitable:
Yes
Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of
Application Security Inc.
Details:
SQL Injection works by attempting to modify the parameters passed to an
application to change the SQL statements that are passed to a database. SQL
injection can be used to insert additional SQL statements to be executed.
Some parameters of /em/console/database/instance/rsrcpln are vulnerable to SQL
Injection attacks. This web page is part of the Oracle Enterprise Manager web
application. The vulnerability allows an attacker to execute SQL statements in
the backend database by making a web request as an authenticated user. It can
be exploited, by means of cross-site request forgery attacks, when an
Administrator with an open OEM session visits a malicious web site.
Impact:
An attacker hosting a malicious web site can execute SQL statements in the
backend database when an administrator with an open session in Oracle
Enterprise Manager web application visits the malicious web site.
Vendor Status:
Vendor was contacted and a patch was released.
Workaround:
There is no workaround for this vulnerability.
Fix:
Apply January 2013 CPU.
CVE:
CVE-2013-0358
Links:
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.teamshatter.com/?p=4149
Timeline:
Vendor Notification - 8/22/2012
Vendor Response - 8/28/2012
Fix - 1/15/2013
Public Disclosure - 2/20/2013
_____________________________________________
Copyright (c) 2013 Application Security, Inc.
http://www.appsecinc.com
Courtesy: securityfocus.com
TeamSHATTER Security Advisory
Oracle Enterprise Manager Segment Advisor Arbitrary URL redirection/phishing
vulnerability
February 20, 2013
Risk Level:
High
Affected versions:
Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5,
11.1.0.7, 11.2.0.2, 11.2.0.3
Remote exploitable:
Yes
Credits:
This vulnerability was discovered and researched by Qinglin Jiang of
Application Security Inc.
Details:
The Oracle Enterprise Manager Database Control Segment Advisor page is
vulnerable to an arbitrary URL redirection/phishing vulnerability. An attacker
may inject an arbitrary URL into the web application and force the
application to redirect to it without any validation. This vulnerability can
be used in phishing attacks to trick legitimate users into visiting malicious
sites without realizing it. The affected link and parameter are
/em/console/database/xdb/XDBResource and cancelURL.
Impact:
A remote attacker can redirect a legitimate user to an arbitrary URL, which can
result in phishing attacks, trojan distribution, and spamming.
Vendor Status:
Vendor was contacted and a patch was released.
Workaround:
There is no workaround for this vulnerability.
Fix:
Apply January 2013 CPU.
CVE:
CVE-2012-3219
Links:
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.teamshatter.com/?p=4159
Timeline:
Vendor Notification - 4/26/2012
Vendor Response - 5/3/2012
Fix - 1/15/2013
Public Disclosure - 2/20/2013
_____________________________________________
Copyright (c) 2013 Application Security, Inc.
http://www.appsecinc.com
Courtesy: securityfocus.com