CVE-2010-3585

Oracle VM Server Virtual Server Agent Command Injection

Title source: metasploit

Description

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of unspecified functions using XML-RPC.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/16915
metasploit WORKING POC EXCELLENT
by jduck · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb

Scores

EPSS 0.6370
EPSS Percentile 98.4%

Details

Status published
Products (1)
oracle/vm 2.2.1
Published Oct 14, 2010
Tracked Since Feb 18, 2026