{"vuid":"VU#865948","idnumber":"865948","name":"Oracle Enterprise Manager Oracle Agent contains a buffer overflow","keywords":["Oracle Enterprise Manager","Oracle Agent","EM01","oracle_cpu_October_2005","Oracle CPU October 2005"],"overview":"Oracle Enterprise Manager Oracle Agent contains a buffer overflow vulnerability. Exploitation may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges.","clean_desc":"The Oracle Agent provides remote management services for Oracle Enterprise Manager. A lack of input validation in the Oracle agent may allow a buffer overflow to occur. A remote attacker may be able to trigger the buffer overflow by sending a specially crafted HTTP request to a vulnerable Oracle Agent installation. We currently believe this vulnerability to be Oracle Vuln# EM01, which listed in the Oracle Critical Patch Update for October 2005.","impact":"A remote, unauthenticated attacker to execute arbitrary code, possibly with elevated (SYSTEM) privileges","resolution":"Apply updates\nApply the appropriate patch or upgrade as specified in the Oracle Critical Patch Update for October 2005.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by \nOracle SPI Dynamics\n, and Alexander Kornbrust of \nred-database security","author":"This document was written by Jeff Gennari.","public":["http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html","http://www.spidynamics.com/spilabs/advisories/oracle-emagentoverflow.html","http://www.red-database-security.com/advisory/details_oracle_cpu_october","http://secunia.com/advisories/17250/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-10-19T14:12:20Z","publicdate":"2005-10-18T00:00:00Z","datefirstpublished":"2005-10-20T18:57:54Z","dateupdated":"2005-10-21T17:39:02Z","revision":15,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"16","cam_impact":"20","cam_easeofexploitation":"7","cam_attackeraccessrequired":"10","cam_scorecurrent":"8.4","cam_scorecurrentwidelyknown":"10.5","cam_scorecurrentwidelyknownexploited":"18.9","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":8.4,"vulnote":null}