[NEWS] Report Review Agent (RRA/FNDFS) Vulnerability in Oracle E-Business Suite

• Previous message: support@securiteam.com: "[REVS] Protection against Exploitation of Stack and Heap Overflows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: support@securiteam.com
To: list@securiteam.com
Date: 14 Apr 2003 16:54:10 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

In the US?

Contact Beyond Security at our new California office
housewarming rates on automated network vulnerability
scanning. We also welcome ISPs and other resellers!

Please contact us at: 323-882-8286 or ussales@beyondsecurity.com
- - - - - - - - -

  Report Review Agent (RRA/FNDFS) Vulnerability in Oracle E-Business Suite
------------------------------------------------------------------------

SUMMARY

The Oracle Applications FNDFS program, used to retrieve report output from
the Concurrent Manager server, can be used to remotely retrieve any file
from the server without operating system or application authentication. A
mandatory patch from Oracle is required to solve this security issue.

DETAILS

Vulnerable systems:
Oracle E-Business Suite 11i, Releases 1 through 8
Oracle Applications 11.0, All Releases
Oracle Applications 10.7, All Releases

There is a weakness in the communications protocol used by the Oracle
Applications FND File Server (FNDFS) program, also referred to as the
Report Review Agent (RRA) that may allow an attacker to retrieve any file
from Oracle Applications Concurrent Manager servers bypassing operating
system, database, and application authentication. The Concurrent Manager
server is usually also the database server in most implementations. The
FNDFS program is used by the Report Viewer (FNDWRR.exe) and ADI Request
Center to retrieve reports and logs from the Concurrent Manager server.

An attacker can exploit this vulnerability to retrieve sensitive data or
files containing critical passwords from the server. Any file accessible
by the oracle or applmgr accounts can be retrieved. Direct access to the
Concurrent Manager server via SQL*Net is required.

Solution:
Oracle has released patches for Oracle Applications 11.0 and 11i to
correct this vulnerability. Oracle has implemented a new security layer
in the communications protocol used by the FNDFS program.

ADDITIONAL INFORMATION

The information has been provided by <http://www.integrigy.com>
Integrity.
The original advisory can be found at:
<http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf>
http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: support@securiteam.com: "[REVS] Protection against Exploitation of Stack and Heap Overflows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]