Oracle Virtual Server Agent 2.3: Arbitrary File Access Vulnerability

Users of Oracle Virtual Server Agent 2.3, please be advised that an Arbitrary File Access vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

ONAPSIS-2010-008: [ONAPSIS-2010-008] Oracle Virtual Server Agent Arbitrary File Access
– Affected Components:

* Oracle Virtual Server Agent 2.3

– Vulnerability Class: Arbitrary file access.

. Vulnerability Details
=========================

Oracle VM Agent exposes several functions through XML-RPC. The use of some of these functions (executed as a highly privileged user, or root), can lead to an arbitrary file access which is not a valid function of the agent.

Onapsis is not distributing technical details about this issue to the general public at this moment in order to provide enough time to affected customers to patch their systems and protect against the exploitation of the described vulnerability.

Read more at http://www.criticalwatch.com

 
