Bugtraq mailing list archives
*Huge* security hole in Oracle 8.0.5 with Intellegent agent
From: Anthony.Clarke () one2one co uk (Anthony Clarke)
Date: Fri, 30 Apr 1999 14:11:39 +0100
------------- Begin Forwarded Message ------------- Subject: *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed From: Dan Sugalski <sugalskd () ous edu> Date: Thu, 29 Apr 1999 08:34:30 -0700 X-Message-Number: 46 Subject: oracle-digested Folks, This is a big heads up for everyone. If you're running Oracle 8.0.5 on a Unix box, do *not* install and configure the Intellegent Agent option. If you have, find the bin/oratclsh file and REMOVE THE SUID BIT! oratclsh is a Tcl app that provides full access to Tcl. It's also installed as suid root. Running oratclsh gives anyone with even the most modest Tcl knowledge the ability to execute arbitrary Tcl commands *while running as root*! This includes the exec command, which spawns off a subshell (as root) to run any command on the system. Anyone with half a brain is exactly three commands away from full root access. Anyone with a whole brain is exactly *one* command away from full root access. This hole has been verified on both Linux and Solaris with Oracle 8.0.5. It probably exists in all Unix versions of 8.0.5. Whether it exists in later versions is unknown. (I don't believe it exists in 8.0.4, but I can't verify that at the moment) I also don't know if it affects non-Unix versions of 8.0.5. Once again, Intellegent Agent only needs to be *installed* (and the root.sh part of the setup run) to open this hole. The agent does *not* need to be started--just installed. Dan ---------------------------------------------"it's like this"-------------- Dan Sugalski (541) 737-3346 even samurai SysAdmin have teddy bears Oregon University System and even the teddy bears sugalskd () ous edu get drunk ---------------------------------------------------------------------- ------------- End Forwarded Message ------------- ============ ================================== Ian Harrison Phone: +44 (0)181 214 2121 Oracle DBA Fax: +44 (0)181 214 4473 One2One Email: ian.harrison () one2one co uk ============ ================================== ------------- End Forwarded Message -------------
Current thread:
- *Huge* security hole in Oracle 8.0.5 with Intellegent agent Anthony Clarke (Apr 30)