Rule:--Sid:3512--Summary:This event is generated when an attempt is made to exploit adirectory traversal associated with an Oracle UTL_FILE command.--Impact:A successful attack can allow a malicious user to read, write,alter, or delete files outside the user's authorized directory.--Detailed Information:Oracle UTL_FILE commands allow a user to read, write, copy, ordelete files in locations/directories authorized to the user.However, no check is performed to examine if the user attemptsto employ a directory traversal to manipulate files outside ofthe authorized directories.  Specifically, the FOPEN, FOPEN_NCHAR,FREMOVE, FRENAME, and FCOPY commands are vulnerable to thisexploit.Note that hosts using Microsoft Windows as the base operating systemmust set the $ORACLE_PORTS variable to any to potentially avoid missingany attacks.--Affected Systems:	Oracle 8i	Oracle 9i--Attack Scenarios:An authenticated user can attempt to manipulate files outside ofthe authorized directories.--Ease of Attack:Simple.--False Positives:None known.--False Negatives:None known. Note that hosts using Microsoft Windows as the baseoperating system must set the $ORACLE_PORTS variable to any topotentially avoid missing any attacks.--Corrective Action:Upgrade to the most current non-affected version of the product.Apply the appropriate vendor supplied patches.--Contributors:Sourcefire Vulnerability Research TeamBrian Caswell <bmc@sourcefire.com>Judy Novak <judy.novak@sourcefire.com>--Additional References:--