Description:
|
This Metasploit module exploits a command injection flaw within Oracle\\'s VM Server Virtual Server Agent (ovs-agent) service. By including shell meta characters within the second parameter to the 'utl_test_url' XML-RPC methodCall, an attacker can execute arbitrary commands. The service typically runs with root privileges. NOTE: Valid credentials are required to trigger this vulnerable. The username appears to be hardcoded as 'oracle', but the password is set by the administrator at installation time.
|