Authentication Bypass Vulnerability in Oracle E-Busines Suite

Stephen Kost of Integrigy discovered that a vulnerability in the communications protocol that Oracle Applications FND File Server (FNDFS) uses lets an attacker bypass any OS, database, and application authentication to retrieve files from Oracle Applications Concurrent Manager servers. If the attacker has direct access to the Concurrent Manager server through SQL*Net, he or she can retrieve sensitive data or files (e.g., any file that the oracle or applmgr accounts can access) that contain critical passwords. Oracle has released a security bulletin regarding this vulnerability and recommends that affected users download and apply the appropriate update.

   http://www.secadministrator.com/articles/index.cfm?articleid=38686

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish