Penetration Testing mailing list archives

Eexecute privilege to 'public' on tables owned by 'sys' in Orac le

From: "INA (V. Brahmanandam)" <BrahmanandamV () emiratesbank com>
Date: Mon, 30 Jul 2001 08:02:40 +0400


                                Hi all,

                                In  my current assignment of Oracle security
review,  I have noticed that the following tables owned by 'SYS' had
'execute' privilege granted to 'PUBLIC' . This privilege has been granted to
the 'public' by default, when Oracle is installed, as I understand. I would
like to know, if a general user in the database can make an undue use of
this privilege. I would appreciate any one in  this list, who had a chance
to review this earlier, offer me  some info on this. 

                                Thanks and Regards.

                                Brahma

                                 <<EXECUTE PERMISSION FOR PUBLIC.txt>>

Attachment: EXECUTE PERMISSION FOR PUBLIC.txt
Description:

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Eexecute privilege to 'public' on tables owned by 'sys' in Orac le INA (V. Brahmanandam) (Jul 30)