Re: Security Bug in Oracle

From: Jonathan A. Zdziarski (jonzat_private)
Date: Fri Aug 27 1999 - 09:21:58 PDT


    Does anyone know if they have made a Solaris_x86 patch for this?  They
    have the patches openly available on http://technet.oracle.com, however
    the only 'Solaris' patch there was unlabeled and turned out to be for
    Sun.
    
    On Tue, 17 Aug 1999, Elias Levy wrote:
    
    > Content-Type: text/plain; charset=us-ascii
    > X-Mailer: Mutt 0.95.6i
    > Message-ID:  <19990817092232.B7591at_private>
    > Date:         Tue, 17 Aug 1999 09:22:32 -0700
    > Reply-To: aleph1at_private
    > Sender: Bugtraq List <BUGTRAQat_private>
    > From: Elias Levy <aleph1at_private>
    > Subject:      Security Bug in Oracle
    > X-To:         bugtraqat_private
    > To: BUGTRAQat_private
    > Content-Length: 1179
    >
    >
    > Sender: jason.axleyat_private
    > Subject: Security Bug in Oracle
    >
    > ---------- Forwarded message ----------
    > Date: Mon, 16 Aug 1999 23:51:53 +0200
    > From: Gilles PARC <gparcat_private>
    > Subject: Security Bug in Oracle
    >
    > Hi Listers,
    >
    > I discovered a new security problem with Oracle on Unix.
    > Once again, it's with a setuid program.
    >
    > Do not confuse with a similar problem corrected
    > by ORACLE some months ago with a patch called setuid_patch.sh.
    >
    > NEW PROBLEM :
    >
    > if you have installed Oracle Intelligent agent, you will find in
    > $ORACLE_HOME/bin a program called dbsnmp.
    > This program is setuid root and was DELIBERATELY EXCLUDED
    > by Oracle in the aforementioned patch.
    >
    > The security hole resides in the fact that this program executes
    > a tcl script (nmiconf.tcl) located by default in
    > $ORACLE_HOME/network/agent/config.
    >
    > Needless to say that you can easily bypass this default and have
    > your own malicious nmiconf.tcl script run under root privileges.
    >
    > I verified this on HP-UX 10.20 with Oracle 7.3.3 and 8.0.4.3
    >                  on AIX 4.3 with Oracle 8.0.5.1
    > But it's probably Unix generic.
    >
    > Regards
    >
    > Gilles Parc
    > Email : gparcat_private
    >
    > carpe diem !!
    >
    > ----- End forwarded message -----
    >
    > --
    > Elias Levy
    > Security Focus
    > http://www.securityfocus.com/
    >
    
    Thank you,
    
    Jonathan A. Zdziarski
    Sr. Systems Administrator
    Netrail, inc.
    888.NET.RAIL x240
    http://www.netrail.net
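
A check an administrator could run for the condition described in this thread, as an added example that is not part of either post or of Oracle's patch: it lists setuid files in $ORACLE_HOME/bin and flags a setuid dbsnmp and a group- or world-writable nmiconf.tcl or config directory. The function names and output format are assumptions, and because the post does not say how the default script location is overridden, the permission check covers only the default path.

```shell
#!/bin/sh
# Added example, not Oracle's or the posters' code. Function names and the
# output format are assumptions; the paths are the ones named in the post.

# Print "uid=<owner> <path>" for every setuid file in <oracle_home>/bin.
list_setuid() {
    find "$1/bin" -type f -perm -4000 -print 2>/dev/null |
    while IFS= read -r f; do
        echo "uid=$(ls -ln "$f" | awk '{print $3}') $f"
    done
}

# Succeeds (0) only when dbsnmp is not setuid and the default nmiconf.tcl
# and its directory are not group- or world-writable.
audit_agent() {
    home=$1
    status=0
    agent="$home/bin/dbsnmp"
    cfgdir="$home/network/agent/config"

    # find -prune tests just the named path, without descending into it.
    if [ -f "$agent" ] && [ -n "$(find "$agent" -prune -perm -4000 -print)" ]; then
        echo "FINDING: $agent is setuid, owner uid $(ls -ln "$agent" | awk '{print $3}')"
        status=1
    fi
    for p in "$cfgdir" "$cfgdir/nmiconf.tcl"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
            echo "FINDING: $p is group- or world-writable"
            status=1
        fi
    done
    return "$status"
}

# Run against the real installation only when ORACLE_HOME is set.
if [ -n "${ORACLE_HOME:-}" ]; then
    echo "setuid files in $ORACLE_HOME/bin:"
    list_setuid "$ORACLE_HOME"
    audit_agent "$ORACLE_HOME" || echo "review the findings above"
fi
```
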
    


