does anyone know if they have made a Solaris_x86 patch for this? they have the patches openly available on http://technet.oracle.com, however the only 'Solaris' patch there was unlabeled and turned out to be for Sun.

On Tue, 17 Aug 1999, Elias Levy wrote:

> Content-Type: text/plain; charset=us-ascii
> X-Mailer: Mutt 0.95.6i
> Message-ID: <19990817092232.B7591at_private>
> Date: Tue, 17 Aug 1999 09:22:32 -0700
> Reply-To: aleph1at_private
> Sender: Bugtraq List <BUGTRAQat_private>
> From: Elias Levy <aleph1at_private>
> Subject: Security Bug in Oracle
> X-To: bugtraqat_private
> To: BUGTRAQat_private
> Content-Length: 1179
>
> Sender: jason.axleyat_private
> Subject: Security Bug in Oracle
>
> ---------- Forwarded message ----------
> Date: Mon, 16 Aug 1999 23:51:53 +0200
> From: Gilles PARC <gparcat_private>
> Subject: Security Bug in Oracle
>
> Hi Listers,
>
> I discovered a new security problem with Oracle on Unix.
> Once again, it's with a setuid program.
>
> Do not confuse this with a similar problem corrected
> by ORACLE some months ago with a patch called setuid_patch.sh.
>
> NEW PROBLEM :
>
> If you have installed Oracle Intelligent Agent, you will find in
> $ORACLE_HOME/bin a program called dbsnmp.
> This program is setuid root and was DELIBERATELY EXCLUDED
> by Oracle in the aforementioned patch.
>
> The security hole resides in the fact that this program executes
> a tcl script ( nmiconf.tcl ) located by default in
> $ORACLE_HOME/network/agent/config.
>
> Needless to say that you can easily bypass this default and have
> your own malicious nmiconf.tcl script run under root privileges.
>
> I verified this on HP-UX 10.20 with Oracle 7.3.3 and 8.0.4.3
> and on AIX 4.3 with Oracle 8.0.5.1,
> but it's probably Unix generic.
>
> Regards
>
> Gilles Parc
> Email : gparcat_private
>
> carpe diem !!
>
> ----- End forwarded message -----
>
> --
> Elias Levy
> Security Focus
> http://www.securityfocus.com/

Thank you,

Jonathan A. Zdziarski
Sr. Systems Administrator
Netrail, inc.
888.NET.RAIL x240
http://www.netrail.net
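The following audit script is an added example and is not part of the thread above nor Oracle's own tooling. It checks an ORACLE_HOME for the condition Gilles describes: a setuid dbsnmp in $ORACLE_HOME/bin, plus the permissions of the default nmiconf.tcl and its directory under $ORACLE_HOME/network/agent/config. It assumes only the paths named in the post; the demo tree it builds is constructed (a placeholder shell script stands in for the real dbsnmp binary, owned by the running user rather than root), and the AUDIT_ORACLE_HOME environment variable used to run it against a real installation is a name chosen here, not an Oracle setting.

```shell
#!/bin/sh
# Added example: audit an ORACLE_HOME for a setuid dbsnmp and for loose
# permissions on the default nmiconf.tcl. Assumes the layout from the post:
#   $ORACLE_HOME/bin/dbsnmp
#   $ORACLE_HOME/network/agent/config/nmiconf.tcl

# True (exit 0) when the setuid bit is set on the given path.
# -prune stops find from descending if the path is a directory.
is_setuid() {
    [ -n "$(find "$1" -prune -perm -4000 2>/dev/null)" ]
}

# True (exit 0) when the path is writable by group or by others.
is_group_or_world_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Print the owning user of a path (third column of ls -l output).
file_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# Report findings for one ORACLE_HOME. Returns 0 when clean, 1 otherwise.
# The setuid bit is the finding that matters: the post says the default
# script location can be bypassed, so tightening the default file alone
# does not close the hole, but a writable default is worth reporting too.
audit_oracle_home() {
    home="$1"
    findings=0
    bin="$home/bin/dbsnmp"
    cfg="$home/network/agent/config/nmiconf.tcl"

    if [ -f "$bin" ] && is_setuid "$bin"; then
        echo "FINDING: $bin is setuid (owner: $(file_owner "$bin"))"
        findings=$((findings + 1))
    fi

    for p in "$cfg" "$(dirname "$cfg")"; do
        if [ -e "$p" ] && is_group_or_world_writable "$p"; then
            echo "FINDING: $p is group- or world-writable"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Build a constructed ORACLE_HOME under a temp dir for a dry run:
# a placeholder dbsnmp with the setuid bit and a group-writable nmiconf.tcl.
# Prints the directory so the caller can audit and then remove it.
build_demo_home() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/network/agent/config"
    chmod 755 "$d/network/agent/config"
    printf '#!/bin/sh\n# constructed stand-in, not the Oracle binary\n' > "$d/bin/dbsnmp"
    chmod 4755 "$d/bin/dbsnmp"
    printf '# constructed stand-in config\n' > "$d/network/agent/config/nmiconf.tcl"
    chmod 664 "$d/network/agent/config/nmiconf.tcl"
    echo "$d"
}

# Stand-alone use against a real installation (AUDIT_ORACLE_HOME is a name
# chosen for this example):  AUDIT_ORACLE_HOME=/u01/app/oracle sh audit.sh
if [ -n "${AUDIT_ORACLE_HOME:-}" ]; then
    audit_oracle_home "$AUDIT_ORACLE_HOME"
    exit $?
fi
```

Run without AUDIT_ORACLE_HOME set, the script only defines its functions; calling build_demo_home and then audit_oracle_home on the result shows two FINDING lines, and the exit status of 1 makes it usable from cron or a configuration check that treats a non-zero return as a failed host.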
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:59:20 PDT