Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21158
HistoryJan 16, 2009 - 12:00 a.m.

Oracle Secure Backup Multiple Denial Of Service vulnerabilities

2009-01-1600:00:00
vulners.com
28

Oracle Secure Backup Multiple Denial Of Service vulnerabilities
2009.January.13

Fortinet's FortiGuard Global Security Research Team Discovers multiple vulnerabilities in Oracle
Secure Backup

Summary:

Multiple Denial Of Service vulnerabilities exist Oracle Secure Backup 10.2.0.2 through malformed
NDMP packets.

Impact:

Remote Denial Of Service

Risk:

Medium (Base Score:5.0)

Affected Software:

Oracle Secure Backup 10.2.0.2

Additional Information:

1>[CVE-2008-5441]Sending a malformed NDMP connect open(NDMP_CONNECT_OPEN command) packet will
1>cause a crash.
2>[CVE-2008-5442]Sending a malformed NDMP connect close(NDMP_CONNECT_CLOSE command) packet will
2>cause a crash.
3>[CVE-2008-5443]Sending a malformed NDMP mover get state(NDMP_MOVER_GET_STATE command) packet
3>will cause a crash.

Solutions:

Use the solution provided by Oracle
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

Fortinet customers who subscribe to FortinetΠŽΠ‡s intrusion prevention (IPS) service should be
protected against these Remote Denial Of
Service vulnerabilities. FortinetΠŽΠ‡s IPS service is one component of FortiGuard Subscription
Services, which also offer comprehensive solutions such as antivirus, Web content filtering and
antispam capabilities. These services enable protection against threats on both application and
network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security
Research Team, which enables Fortinet to deliver a combination of multi-layered security
intelligence and true zero-day protection from new and emerging threats. These updates are delivered
to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible
disclosure guidelines to ensure optimum protection during a threat's lifecycle.

Acknowledgement:

Zhenhualiu and XiaopengZhang of Fortinet's FortiGuard Global Security Research Team

References:

http://www.fortiguardcenter.com/advisory/FGA-2009-02.html
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

CVE ID: CVE-2008-5441
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5441
CVE ID: CVE-2008-5442
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5442
CVE ID: CVE-2008-5443
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5443

*** This email and any attachments thereto may contain private, confidential, and privileged
material for the sole use of the intended recipient. Any review, copying, or distribution of this
email (or any attachments thereto) by others is strictly prohibited. If you are not the intended
recipient, please contact the sender immediately and permanently delete the original and any copies
of this email and any attachments thereto. ***