{"vuid":"VU#291555","idnumber":"291555","name":"Oracle Web Cache contains buffer overflow vulnerabilities","keywords":["Oracle","Web Cache Server","remotely exploitable","buffer overflow","execution of code","ias","oracle9i"],"overview":"The CERT/CC is aware of a report about \"several remotely exploitable buffer overflow vulnerabilities in the Oracle Web Cache Server\" that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Web Cache process.","clean_desc":"The Oracle Web Cache acts as a reverse proxy, caching static and dynamic content generated from Oracle Application web servers. The CERT/CC is aware of a report of several buffer overflow vulnerabilities in the Oracle Web Cache. The report implies that the vulnerabilities exist in the Oracle Web Cache Manager, which is a web-based administration interface for the Oracle Web Cache. Further details about these vulnerabilities are not presently available, as the reporter (NGSSoftware) has intentionally released limited information in accordance with their disclosure policy. NGSSoftware reports that Oracle9iAS v1.0.2.2 for Windows NT/2000 was tested.","impact":"An unauthenticated remote attacker could execute arbitrary code or cause a denial of service on a vulnerable system. The Oracle Web Cache may run as SYSTEM on Windows NT and Windows 2000 systems.","resolution":"Apply a Patch When available, apply the appropriate patch. Oracle typically releases Security Alerts that include patch information.","workarounds":"Restrict Access Where possible, limit access to vulnerable systems to trusted users, hosts, and networks. The report from NGSSoftware states that \"In the interim Oracle customers can protect against this problem by ensuring that the administration pages for web cache have been protected by changing the default administrator password.\"  This implies that the vulnerabilities may exist in the Oracle Web Cache Manager, a web-based management interface that listens for administration and configuration requests on port 4000/tcp by default. Oracle Web Cache also listens for cache invalidation requests on 4001/tcp and statistics monitoring requests on 4002/tcp. The Oracle Technology Network (registration required) contains documentation on the Oracle Web Cache Manager, including instructions for changing the default administrator password, setting trusted administrative hosts and networks, changing the user and group IDs used by the Web Cache process on UNIX/Linux systems, and changing the default administration port. Disable Unnecessary Services If your site does not use the Oracle Web Cache, disable it. Use Least Privilege Run the Oracle Web Cache under a user account with the least privilege possible. Note that this workaround will not prevent exploitation, but may limit the impact of an attack.","sysaffected":"","thanks":"The CERT/CC thanks David Litchfield of \nNGSSoftware\n for information used in this document.","author":"This document was written by Art Manion","public":["http://www.nextgenss.com/vna/ora-webcache.txt","http://www.securityfocus.com/bid/4856","http://www.iss.net/security_center/static/10187.php"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-05-29T16:05:17Z","publicdate":"2002-05-27T00:00:00Z","datefirstpublished":"2002-06-04T19:58:38Z","dateupdated":"2002-11-15T21:55:15Z","revision":27,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"16","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"8","cam_impact":"18","cam_easeofexploitation":"9","cam_attackeraccessrequired":"12","cam_scorecurrent":"6.9984","cam_scorecurrentwidelyknown":"8.1648","cam_scorecurrentwidelyknownexploited":"13.9968","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.9984,"vulnote":null}