Published: 14/10/2010 Updated: 10/10/2018

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of unspecified functions using XML-RPC.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle vm 2.2.1

## # $Id: oracle_vm_agent_utlrb 10821 2010-10-25 20:58:49Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' c ...

This Metasploit module exploits a command injection flaw within Oracle\\'s VM Server Virtual Server Agent (ovs-agent) service By including shell meta characters within the second parameter to the 'utl_test_url' XML-RPC methodCall, an attacker can execute arbitrary commands The service typically runs with root privileges NOTE: Valid credentials a ...

NVD-CWE-noinfo http://www.us-cert.gov/cas/techalerts/TA10-287A.html http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html http://www.securityfocus.com/archive/1/514611/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/16915/

CVE-2010-3585

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect