
Update Protection against Oracle Reports Server Multiple Vulnerabilities


Check Point Reference: CPAI-2006-030
Date Published:
Severity:
Last Updated:
Source: Oracle Critical Patch Update - January 2006
Industry Reference(s):

US-CERT VU#472148

Protection Provided by: VPN-1
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
  • NG with Application Intelligence R54
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
Vulnerability Description
Oracle Reports is a reporting tool that generates data from multiple sources and converts the information into a formatted report. Several vulnerabilities were reported in Oracle Reports server which can be exploited to overwrite arbitrary files, conduct cross-site scripting attacks, gain local user privileges and compromise an affected system.
Vulnerability Status
The vulnerabilities were published.
Update/Patch Available
See Oracle Critical Patch Update from January 2006 at http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html.
Vulnerability Details
A remote attacker may be able to overwrite files on the server by sending a specially crafted URL to Oracle Reports. Depending on which file is created or overwritten, this could allow the attacker to gain escalated privileges, conduct cross-site scripting attacks, or cause a denial-of-service condition on the system.

Protection Overview
The Update enables the HTTP Worm Catcher to detect and block the vulnerability based on pre-defined worm signatures.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The update also includes the following protections:

  • Enhancement to the Microsoft Windows Media Player Vulnerability (CPAI-2006-016)
  • Trojan Spy Goldun.de Protection (CPAI-2006-025)
  • ezDatabase Remote File Inclusion Protection (CPAI-2006-026)
  • TFTPD32 Request Error Message Format String Protection (CPAI-2006-027) - InterSpect NGX only
  • Cisco IOS CDP Status Page Code Injection Protection (CPAI-2006-028)
  • SHOUTcast Filename Request Format String Protection (CPAI-2006-029)
  • Google Talk via Gmail Web Interface Protection (CPAI-2006-030) - for InterSpect NGX and VPN-1 NGX R61 only
  • IBM Tivoli Access Manager Directory Traversal Protection (CPAI-2006-031)
  • Protection Against NFS Vulnerabilities (CPAI-2006-032)
  • Protection against PmWiki multiple vulnerabilities.

VPN-1 NGX R61

How Can I Protect My Network?
1. Update your SmartDefense: Click the SmartDefense Services tab; in the left pane, from the drop-down list, click Download Updates, and then click the Online Update button.
2. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
3. Enable the following patterns:

Oracle Reports File Overwrite
Oracle Reports Directory Traversal(1)
Oracle Reports Directory Traversal(2)

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Oracle Reports File Overwrite
Oracle Reports Directory Traversal(1)
Oracle Reports Directory Traversal(2)

VPN-1 NGX R60 / VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
1. Update your SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
3. Enable the following patterns:

Oracle Reports File Overwrite
Oracle Reports Directory Traversal(1)
Oracle Reports Directory Traversal(2)

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Oracle Reports File Overwrite
Oracle Reports Directory Traversal(1)
Oracle Reports Directory Traversal(2)

VPN-1 NG with Application Intelligence R55/R54

How Can I Protect My Network?
1. Update your SmartDefense by clicking Update Now in the SmartDashboard General window.
2. In the SmartDefense tree, click Application Intelligence > Web and enable the General HTTP Worm Catcher.
3. Enable the following patterns:

Oracle Reports File Overwrite
Oracle Reports Directory Traversal(1)
Oracle Reports Directory Traversal(2)

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Oracle Reports File Overwrite
Oracle Reports Directory Traversal(1)
Oracle Reports Directory Traversal(2)

InterSpect NGX

How Can I Protect My Network?
1. Update your SmartDefense: In the left pane from the drop-down list, select Profiles > SmartDefense Service and click the Online Update button.
2. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
3. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
4. Enable the following patterns:

Oracle Reports File Overwrite
Oracle Reports Directory Traversal(1)
Oracle Reports Directory Traversal(2)

5. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Oracle Reports File Overwrite
Oracle Reports Directory Traversal(1)
Oracle Reports Directory Traversal(2)

InterSpect 2.0

How Can I Protect My Network?
1. Update your SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the SmartDefense tree, click Malicious Code > General HTTP Worm Defender.
3. Enable the following patterns:

Oracle Reports File Overwrite
Oracle Reports Directory Traversal(1)
Oracle Reports Directory Traversal(2)

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Oracle Reports File Overwrite
Oracle Reports Directory Traversal(1)
Oracle Reports Directory Traversal(2)
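Every product section above reports a hit as the same SmartView Tracker pair (Attack Name: HTTP Worm Catcher, Attack Information: one of the three Oracle Reports patterns). The following is an added example, not Check Point's code, that scans an exported log and counts those hits per source address for triage; the semicolon-delimited key=value export format and the sample records are constructed assumptions, not the product's real format.

```python
from collections import Counter, defaultdict

# Constructed sample of exported SmartView Tracker records. The field names and
# the semicolon-delimited key=value layout are assumed for this example only.
SAMPLE_LOG = """\
time=10Feb2006 09:12:44; src=192.0.2.15; dst=198.51.100.7; service=http; attack=HTTP Worm Catcher; attack_info=Oracle Reports File Overwrite; action=drop
time=10Feb2006 09:12:46; src=192.0.2.15; dst=198.51.100.7; service=http; attack=HTTP Worm Catcher; attack_info=Oracle Reports Directory Traversal(1); action=drop
time=10Feb2006 09:13:02; src=192.0.2.88; dst=198.51.100.7; service=http; attack=HTTP Worm Catcher; attack_info=Some Other Pattern; action=drop
time=10Feb2006 09:14:10; src=203.0.113.4; dst=198.51.100.7; service=http; action=accept
"""

# The three Attack Information strings this advisory says the update enables.
ORACLE_REPORTS_PATTERNS = {
    "Oracle Reports File Overwrite",
    "Oracle Reports Directory Traversal(1)",
    "Oracle Reports Directory Traversal(2)",
}

def parse_record(line):
    """Split one 'k=v; k=v' record into a dict; values may contain spaces."""
    fields = {}
    for part in line.strip().split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields

def oracle_reports_hits(log_text):
    """Return the records logged by HTTP Worm Catcher for an Oracle Reports pattern."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if (rec.get("attack") == "HTTP Worm Catcher"
                and rec.get("attack_info") in ORACLE_REPORTS_PATTERNS):
            hits.append(rec)
    return hits

def summarize_by_source(hits):
    """Count matched patterns per source address so repeat offenders stand out."""
    summary = defaultdict(Counter)
    for rec in hits:
        summary[rec["src"]][rec["attack_info"]] += 1
    return {src: dict(counts) for src, counts in summary.items()}

if __name__ == "__main__":
    for src, counts in summarize_by_source(oracle_reports_hits(SAMPLE_LOG)).items():
        print(src, counts)
```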