---------- Forwarded message ---------- Date: Mon, 16 Aug 1999 23:51:53 +0200 From: Gilles PARC <gparcat_private> Subject: Security Bug in Oracle Hi Listers, I discover a new security problem with Oracle on Unix. Once again, it's with a setuid program. Do not confuse with a similar problem corrected by ORACLE some month ago with a patch called setuid_patch.sh. NEW PROBLEM : if you have installed Oracle Intelligent agent, you will find in $ORACLE_HOME/bin a program called dbsnmp. This program is setuid root and was DELIBERATELY EXCLUDED by Oracle in the forementioned patch. The security hole resides in the fact that this program executes a tcl script ( nmiconf.tcl ) located by default in $ORACLE_HOME/network/agent/config. Needless to say that you can easily bypass this default and have your own malicious nmiconf.tcl script run under root privileges. I verify this on HP-UX 10.20 with Oracle 7.3.3 and 8.0.4.3 on AIX 4.3 with Oracle 8.0.5.1 But it's probably Unix generic. Regards Gilles Parc Email : gparcat_private carpe diem !! ----- End forwarded message ----- -- Elias Levy Security Focus http://www.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:56:43 PDT