19 Jul 17:06
Oracle Database Local Untrusted Library Path Vulnerability
From: Joxean Koret <joxeankoret <at> yahoo.es>
Subject: Oracle Database Local Untrusted Library Path Vulnerability
Newsgroups: gmane.comp.security.full-disclosure, gmane.comp.security.bugtraq
Date: 2008-07-19 15:08:40 GMT
Oracle Database Local Untrusted Library Path Vulnerability
----------------------------------------------------------

The Oracle July 2008 Critical Patch Update fixes a vulnerability which allows a user in the OINSTALL/DBA group to escalate privileges to root.

Escalating Privileges from "oracle" to "root"
---------------------------------------------

In Oracle 10g R2 and later (Oracle11g is also vulnerable) the affected binary, $ORACLE_HOME/bin/extjob, is SUID root and must be suid root. In the following forum from Oracle you will find a note at the bottom of the page:

(...)
In 10.2.0.2 and higher

rdbms/admin/externaljob.ora file must be owned by root:oraclegroup and be writable only by the owner i.e. 644 (rw-r--r--)
bin/extjob file must be also owned by root:oraclegroup but must be setuid i.e. 4750 (-rwsr-x---)
bin/extjobo should have normal 755 (rwxr-xr-x) permissions and be owned by oracle:oraclegroup

In 11g and higher
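
Added example, not part of the original post: a shell audit of the ownership and modes that the quoted Oracle note lists for 10.2.0.2 and higher. It assumes GNU stat; the function names and the optional root-owner override are hypothetical, and the Oracle owner and group names are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (-c).
# Function names and the 4th argument of audit_extjob are hypothetical.
# Typical call: audit_extjob "$ORACLE_HOME" oracle oinstall

# check_file PATH MODE OWNER GROUP -> 0 if mode, owner and group all match
check_file() {
    path=$1; want_mode=$2; want_owner=$3; want_group=$4
    # A symlink here would make stat report on a different file; flag it.
    if [ -L "$path" ]; then
        echo "SYMLINK  $path"
        return 1
    fi
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    actual=$(stat -c '%a %U %G' "$path") || return 1
    expected="$want_mode $want_owner $want_group"
    if [ "$actual" = "$expected" ]; then
        echo "OK       $path ($actual)"
        return 0
    fi
    echo "MISMATCH $path: have '$actual', want '$expected'"
    return 1
}

# audit_extjob ORACLE_HOME ORACLE_OWNER ORACLE_GROUP [ROOT_OWNER]
# ROOT_OWNER defaults to root; the override exists only so the check can be
# exercised on a scratch directory without root privileges.
audit_extjob() {
    home=$1; ora_owner=$2; ora_group=$3; root_owner=${4:-root}
    rc=0
    # Values below are the ones given in the quoted note.
    check_file "$home/rdbms/admin/externaljob.ora" 644  "$root_owner" "$ora_group" || rc=1
    check_file "$home/bin/extjob"                  4750 "$root_owner" "$ora_group" || rc=1
    check_file "$home/bin/extjobo"                 755  "$ora_owner"  "$ora_group" || rc=1
    return $rc
}
```

A non-zero return means at least one of the three files is missing, is a symlink, or differs from the listed owner, group or mode.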