Bugtraq mailing list archives
Re: vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6
From: Pete Finnigan <pete () peterfinnigan demon co uk>
Date: Wed, 8 Aug 2001 10:05:20 +0100
Hi

Oracle creates trace files in the directory pointed at by the parameter "user_dump_dest". This parameter is set in the init.ora file. The value can be read by

    select name,value from v$parameter where name='user_dump_dest';

or

    SQL> sho parameter user_dump_dest

It's been this location since at least Oracle 7.1 as far as I can remember.

It's also possible to set client trace files to reside in a directory pointed to by the parameter TRACE_DIRECTORY_CLIENT in the sqlnet.ora file in the network admin directory on the client. Server side trace files are not written here tho.

The permissions of the trace files on the server are governed by the umask of the user generating them, "oracle" or whoever is running the oracle shadow processes, and the umask of the directory and internal rules that make the file not readable to anyone except the software owner and the SYSDBA Unix group, usually dba.

There is one other parameter that can make trace files readable. This is the undocumented init.ora parameter _trace_files_public=true; if this is set then the trace files are world readable. This can be seen by selecting the X$ tables owned by SYS, so you need to be SYS to do this.

    select * from x$ksppi where ksppinm='_trace_files_public';

This parameter can only be added to the init.ora file and not set in the current session by an alter session command. The database also has to be bounced for this to take effect.

I didn't see the original vulnerability, could you please forward the information to me.

Thanks

Pete Finnigan
Pentest Limited
Manchester
UK

In message <EEEJIAELPOCPHHCNFKKPIEPCCGAA.sec () rony clara net>, Ron Cohen <sec () rony clara net> writes
Looking again at the log you provided, it is not clear to me how you were able to create the trc file in the log directory. The permission on that directory is 775, pask:pask. The trc file was created with the owner:group of oracle:pask. Does user pask belong to the dba group?

Also, there is an option in the ora.ini file to set a specific area for the trc files. I have seen this option with 8.1.x, I'm not sure about 8.0.x.

_rony

-----Original Message-----
From: pask () plazasite com [mailto:pask () plazasite com]
Sent: 02 August 2001 08:57
To: bugtraq () securityfocus com; oracle-l () faticity com
Subject: vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6

WWW.PLAZASITE.COM
System & Security Division

Title: Vulnerability in oracle binary in Oracle 8.0.5
Date: 11-12-2000
-- Pete Finnigan
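
The two server-side conditions described in the message above (the _trace_files_public flag in init.ora, and the permissions of files under user_dump_dest) can be checked from the shell. The script below is an added example, not part of the original post or of Oracle's tooling; its function names are hypothetical, and it assumes a plain-text init.ora with `#` comments and case-insensitive parameter names.

```shell
#!/bin/sh
# Added example (not from the original post): audit an init.ora for the
# settings discussed above. Function names are hypothetical.

# Print the value of one init.ora parameter; the last uncommented
# assignment wins. Comments (#...) and quote characters are stripped.
init_param() {  # usage: init_param <init.ora> <parameter>
    sed -e 's/#.*//' "$1" | tr -d "\"'\r" | awk -F= -v want="$2" '
        { name = $1; gsub(/[ \t]/, "", name) }
        NF > 1 && tolower(name) == tolower(want) {
            val = $0; sub(/^[^=]*=/, "", val)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            found = val
        }
        END { if (found != "") print found }'
}

# Exit 0 if _trace_files_public is enabled in the given init.ora.
trace_files_public_set() {
    [ "$(init_param "$1" _trace_files_public | tr 'A-Z' 'a-z')" = "true" ]
}

# List *.trc files under a directory whose mode grants read to "other".
world_readable_traces() {
    find "$1" -type f -name '*.trc' -perm -004 2>/dev/null | sort
}

# Report the flag and any exposed trace files in user_dump_dest.
audit_init_ora() {
    dest=$(init_param "$1" user_dump_dest)
    if trace_files_public_set "$1"; then
        echo "FLAG: _trace_files_public=true in $1"
    fi
    if [ -n "$dest" ]; then
        world_readable_traces "$dest" | sed 's/^/WORLD-READABLE: /'
    fi
}

# Run as: sh audit_trace.sh /path/to/init.ora   (path is a placeholder)
if [ "$#" -ge 1 ]; then audit_init_ora "$1"; fi
```

The script reads only the file it is given; values pulled in through IFILE includes are not followed.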
Current thread:
- vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6 Juan Manuel Pascual Escriba (Aug 02)
- RE: vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6 Ron Cohen (Aug 04)
- RE: vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6 Ron Cohen (Aug 05)
- Re: vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6 Pete Finnigan (Aug 08)