Oracle Reports Server DESName Remote File Overwrite Vulnerability

Oracle Reports Server is susceptible to an arbitrary file overwrite vulnerability in its Web interface.

On the Microsoft Windows platform, attackers may exploit this vulnerability to overwrite arbitrary files with System-level privileges. Attackers may overwrite critical system files, resulting in a system-level failures.

On other platforms, attackers may exploit this vulnerability to overwrite arbitrary files with the privileges of the Oracle Applications Server user. Attackers may overwrite critical Oracle files, resulting in an application-level failure.

Database failure, data destruction, and possibly other attacks are possible.


 

Privacy Statement
Copyright 2010, SecurityFocus