ID CVE-2010-0072
Summary Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a buffer overflow in observiced.exe that allows remote attackers to execute arbitrary code via vectors related to a "reverse lookup of connections" to TCP port 10000.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:secure_backup:10.2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:secure_backup:10.2.0.3:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 23-10-2012 - 03:17)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
cert TA10-012A
confirm http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
Last major update 23-10-2012 - 03:17
Published 13-01-2010 - 01:30
Last modified 23-10-2012 - 03:17
Back to Top