Vulnerability category: Local
Vulnerability severity:
Vulnerability information
Oracle Auto Service Request (ASR) is a feature of Oracle hardware warranty, Oracle Premier Support for Systems, and Oracle Platinum Services. ASR resolves problems faster by automatically opening service requests for Oracle's qualified server, storage, and Engineered Systems when specific faults occur.
Automatic Service Request (ASR) contains the following vulnerabilities:
CVE-2017-3233: The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Automatic Service Request (ASR).
CVE-2017-3234: The vulnerability allows an unauthenticated attacker with network access via SFT to compromise Automatic Service Request (ASR).
CVE-2017-3237: The vulnerability allows a low-privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR).
CVE-2017-3581: The vulnerability allows a low-privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR).
CVE-2017-3620: The vulnerability allows a low-privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR).
Affected Versions:
Automatic Service Request (ASR) versions prior to 5.7
QID Detection Logic:
This authenticated QID works by running the "/opt/asrmanager/bin/asr show_version" command to get vulnerable ASR versions.
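The same check can be run by hand on an ASR Manager host. The script below is an added example, not part of the original advisory or of the QID itself. It assumes that the `show_version` output contains the release as a dotted number somewhere in its text (the exact output format is not given on this page), and it compares fields numerically so that a release such as 5.10 is not mistaken for being older than 5.7.

```shell
#!/bin/sh
ASR_BIN="/opt/asrmanager/bin/asr"   # path given in the advisory
FIXED="5.7"                         # first fixed release per the advisory

# Pull the first dotted version number out of text on stdin.
# Assumption: the version appears as digits separated by dots.
extract_version() {
    grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# Succeed (exit 0) only if version $1 is strictly older than $2.
# Fields are compared as numbers; missing fields count as 0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Read show_version output on stdin and print a verdict.
# Exit status: 0 = fixed, 1 = vulnerable, 2 = version not found.
classify() {
    ver=$(extract_version)
    if [ -z "$ver" ]; then
        echo "UNKNOWN"
        return 2
    fi
    if version_lt "$ver" "$FIXED"; then
        echo "VULNERABLE $ver"
        return 1
    fi
    echo "OK $ver"
}

# Run against the local installation when ASR Manager is present.
if [ -x "$ASR_BIN" ]; then
    "$ASR_BIN" show_version 2>&1 | classify || true
fi
```

An `UNKNOWN` result means the output did not match the assumed format and should be read manually.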
Impact
Successful exploitation allows attackers to take over the Automatic Service Request (ASR) or can result in unauthorized creation, deletion, or modification of critical data or of all ASR-accessible data.
Solution
Customers are advised to upgrade to ASR 5.7 or later versions to remediate these vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities: