Saturday, November 6, 2010

Oracle Virtual Server Agent 2.3: Remote Command Execution Vulnerability

Users of Oracle Virtual Server Agent 2.3, please be advised that a Remote Command Execution vulnerability has been identified.

To view this vulnerability, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com

ONAPSIS-2010-009: [ONAPSIS-2010-009] Oracle Virtual Server Agent Remote Command Execution

- Affected Components:
  * Oracle Virtual Server Agent 2.3
- Vulnerability Class: Remote command execution

Vulnerability Details
========================

Oracle VM Agent exposes several functions through XML-RPC. One of these functions contains a vulnerability that can be exploited to execute arbitrary operating system commands over the target server.

Onapsis is not distributing technical details about this issue to the general public at this moment in order to provide enough time to affected customers to patch their systems and protect against the exploitation of the described vulnerability.