[11570] in bugtraq
Re: Security Bug in Oracle
daemon@ATHENA.MIT.EDU (Jonathan A. Zdziarski)
Sat Aug 28 22:39:09 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSI.4.05L.9908271221200.16615-100000@cartman.netrail.net>
Date: Fri, 27 Aug 1999 12:21:58 -0400
Reply-To: "Jonathan A. Zdziarski" <jonz@NETRAIL.NET>
From: "Jonathan A. Zdziarski" <jonz@NETRAIL.NET>
X-To: Elias Levy <aleph1@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19990817092232.B7591@securityfocus.com>
does anyone know if they have made a Solaris_x86 patch for this? they
have the patches openly available on http://technet.oracle.com, however
the only 'Solaris' patch there was unlabeled and turned out to be for
sun.
On Tue, 17 Aug 1999, Elias Levy wrote:
> Content-Type: text/plain; charset=us-ascii
> X-Mailer: Mutt 0.95.6i
> Message-ID: <19990817092232.B7591@securityfocus.com>
> Date: Tue, 17 Aug 1999 09:22:32 -0700
> Reply-To: aleph1@SECURITYFOCUS.COM
> Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
> From: Elias Levy <aleph1@SECURITYFOCUS.COM>
> Subject: Security Bug in Oracle
> X-To: bugtraq@securityfocus.com
> To: BUGTRAQ@SECURITYFOCUS.COM
> Content-Length: 1179
>
>
> Subject: Security Bug in Oracle
> X-To: bugtraq@securityfocus.com
> To: BUGTRAQ@SECURITYFOCUS.COM
> Content-Length: 1179
>
>
> Sender: jason.axley@attws.com
> Subject: Security Bug in Oracle
>
> ---------- Forwarded message ----------
> Date: Mon, 16 Aug 1999 23:51:53 +0200
> From: Gilles PARC <gparc@online.fr>
> Subject: Security Bug in Oracle
>
> Hi Listers,
>
> I discover a new security problem with Oracle on Unix.
> Once again, it's with a setuid program.
>
> Do not confuse with a similar problem corrected
> by ORACLE some month ago with a patch called setuid_patch.sh.
>
> NEW PROBLEM :
>
> if you have installed Oracle Intelligent agent, you will find in
> $ORACLE_HOME/bin a program called dbsnmp.
> This program is setuid root and was DELIBERATELY EXCLUDED
> by Oracle in the forementioned patch.
>
> The security hole resides in the fact that this program executes
> a tcl script ( nmiconf.tcl ) located by default in
> $ORACLE_HOME/network/agent/config.
>
> Needless to say that you can easily bypass this default and have
> your own malicious nmiconf.tcl script run under root privileges.
>
> I verify this on HP-UX 10.20 with Oracle 7.3.3 and 8.0.4.3
> on AIX 4.3 with Oracle 8.0.5.1
> But it's probably Unix generic.
>
> Regards
>
> Gilles Parc
> Email : gparc@mail.dotcom.fr
>
> carpe diem !!
>
> ----- End forwarded message -----
>
> --
> Elias Levy
> Security Focus
> http://www.securityfocus.com/
>
Thank you,
Jonathan A. Zdziarski
Sr. Systems Administrator
Netrail, inc.
888.NET.RAIL x240
http://www.netrail.net
