Oracle Secure Backup Memory Corruption (Mar 20, 2009)


Oracle Secure Backup is a centralized tape backup management solution that provides data protection for heterogeneous file systems and the Oracle database. It uses the Network Data Management Protocol (NDMP) to administer and perform backup tasks for all clients.

The NDMP protocol is designed to make every network attached storage device “backup ready”, enabling true plug-and-play backup operation. With the NDMP approach, each network-attached file server ships with a “universal agent”, which can be used by any NDMP-compliant backup administration application.

There is a memory corruption vulnerability in Oracle Secure Backup. The vulnerability is triggered while processing malformed NDMP_CONNECT_OPEN or NDMP_CONNECT_CLOSE requests. The vulnerable code improperly handles the Error field of these requests and references non-allocated memory. This causes the NDMP process instance to terminate immediately.

The SonicWALL UTM team has developed the following signatures to detect and prevent attack attempts targeting this issue.

  • 5034 Symantec Veritas Backup Exec Agent Error Status DoS
  • 5431 Oracle Secure Backup NDMP Handling DoS
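
For defenders without these signatures, the following added example (not SonicWALL's signature logic and not Oracle code) parses NDMP headers from a reassembled TCP stream and flags NDMP_CONNECT_OPEN or NDMP_CONNECT_CLOSE requests whose Error field is set. The header layout, message codes and record marking are taken from the NDMP specification; treating any Error value other than NDMP_NO_ERR (0) in a request as anomalous is an assumption, since the advisory does not state the exact trigger.

```python
import struct

# Values from the NDMP specification, not from the advisory.
NDMP_MESSAGE_REQUEST = 0
NDMP_NO_ERR = 0
NDMP_CONNECT_OPEN, NDMP_CONNECT_CLOSE = 0x900, 0x902
WATCHED = {NDMP_CONNECT_OPEN: "NDMP_CONNECT_OPEN", NDMP_CONNECT_CLOSE: "NDMP_CONNECT_CLOSE"}
# Header fields: sequence, time_stamp, message_type, message, reply_sequence, error
HEADER = struct.Struct(">6I")


def iter_records(stream: bytes):
    """Yield complete records from a TCP byte stream that uses RPC record marking."""
    pos, parts = 0, []
    while pos + 4 <= len(stream):
        (mark,) = struct.unpack_from(">I", stream, pos)
        length, last = mark & 0x7FFFFFFF, bool(mark >> 31)
        if pos + 4 + length > len(stream):
            return  # truncated fragment: stop rather than read past the buffer
        parts.append(stream[pos + 4:pos + 4 + length])
        pos += 4 + length
        if last:
            yield b"".join(parts)
            parts = []


def suspicious_requests(stream: bytes):
    """Return (sequence, message name, error) for watched requests with Error set."""
    hits = []
    for record in iter_records(stream):
        if len(record) < HEADER.size:
            continue  # too short to hold an NDMP header
        seq, _ts, mtype, msg, _reply_seq, err = HEADER.unpack_from(record)
        if mtype == NDMP_MESSAGE_REQUEST and msg in WATCHED and err != NDMP_NO_ERR:
            hits.append((seq, WATCHED[msg], err))
    return hits


def frame(seq, mtype, msg, err, body=b""):
    """Build one single-fragment record; used only for the constructed sample below."""
    payload = HEADER.pack(seq, 0, mtype, msg, 0, err) + body
    return struct.pack(">I", 0x80000000 | len(payload)) + payload


# Constructed sample stream: normal open, close with Error set, normal close.
SAMPLE = (frame(1, 0, NDMP_CONNECT_OPEN, 0, struct.pack(">I", 4))
          + frame(2, 0, NDMP_CONNECT_CLOSE, 0x11) + frame(3, 0, NDMP_CONNECT_CLOSE, 0))

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE))
```

Replies legitimately carry a non-zero Error value, so the check applies only to messages whose message_type marks them as requests.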