Bugtraq mailing list archives
Re: Security Bug in Oracle
From: jonz () NETRAIL NET (Jonathan A. Zdziarski)
Date: Fri, 27 Aug 1999 12:21:58 -0400
does anyone know if they have made a Solaris_x86 patch for this? they have the patches openly available on http://technet.oracle.com, however the only 'Solaris' patch there was unlabeled and turned out to be for sun. On Tue, 17 Aug 1999, Elias Levy wrote:
Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i Message-ID: <19990817092232.B7591 () securityfocus com> Date: Tue, 17 Aug 1999 09:22:32 -0700 Reply-To: aleph1 () SECURITYFOCUS COM Sender: Bugtraq List <BUGTRAQ () SECURITYFOCUS COM> From: Elias Levy <aleph1 () SECURITYFOCUS COM> Subject: Security Bug in Oracle X-To: bugtraq () securityfocus com To: BUGTRAQ () SECURITYFOCUS COM Content-Length: 1179 Subject: Security Bug in Oracle X-To: bugtraq () securityfocus com To: BUGTRAQ () SECURITYFOCUS COM Content-Length: 1179 Sender: jason.axley () attws com Subject: Security Bug in Oracle ---------- Forwarded message ---------- Date: Mon, 16 Aug 1999 23:51:53 +0200 From: Gilles PARC <gparc () online fr> Subject: Security Bug in Oracle Hi Listers, I discover a new security problem with Oracle on Unix. Once again, it's with a setuid program. Do not confuse with a similar problem corrected by ORACLE some month ago with a patch called setuid_patch.sh. NEW PROBLEM : if you have installed Oracle Intelligent agent, you will find in $ORACLE_HOME/bin a program called dbsnmp. This program is setuid root and was DELIBERATELY EXCLUDED by Oracle in the forementioned patch. The security hole resides in the fact that this program executes a tcl script ( nmiconf.tcl ) located by default in $ORACLE_HOME/network/agent/config. Needless to say that you can easily bypass this default and have your own malicious nmiconf.tcl script run under root privileges. I verify this on HP-UX 10.20 with Oracle 7.3.3 and 8.0.4.3 on AIX 4.3 with Oracle 8.0.5.1 But it's probably Unix generic. Regards Gilles Parc Email : gparc () mail dotcom fr carpe diem !! ----- End forwarded message ----- -- Elias Levy Security Focus http://www.securityfocus.com/
Thank you, Jonathan A. Zdziarski Sr. Systems Administrator Netrail, inc. 888.NET.RAIL x240 http://www.netrail.net
Current thread:
- Microsoft Security Bulletin (MS99-030), (continued)
- Microsoft Security Bulletin (MS99-030) Aleph One (Aug 20)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Alan Cox (Aug 22)
- libtermcap exploit fix ... smashcap.c Hudin Lucian (Aug 22)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Pavel Kankovsky (Aug 26)
- OCE' 9400 plotters Larry W. Cashdollar (Aug 19)
- Re: OCE' 9400 plotters Patrick Cantwell (Aug 23)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Tymm Twillman (Aug 19)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Olaf Kirch (Aug 18)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Martin Schulze (Aug 19)
- Re: Security Bug in Oracle Jonathan A. Zdziarski (Aug 27)
- [RHSA-1999:030-02] Buffer overflow in cron daemon Bill Nottingham (Aug 27)