The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Oracle Trace Collection Security Vulnerability


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Wed, 24 Oct 2001 13:02:18 -0700
From: Oracle Security Alerts <[email protected]>
To: [email protected]
Subject: Oracle Trace Collection Security Vulnerability

--------------1EE7670F9A3A151F2095CE68
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Security Alert #19
Reference Date: 10/18/01

Oracle Trace Collection Security Vulnerability

Overview
A potential security vulnerability has been discovered in the handling
of the environment variable, ORACLE_HOME. A buffer overflow is caused
when the Oracle binary, otrcrep, translates the environment variable,
ORACLE_HOME, into a string of 240 or more bytes. The Oracle binary
otrcrep runs with the SETUID oracle privileges in the operating system
DBA group. The buffer overflow may be exploited by a local user to force
overwriting of stack variables in shared memory including the return
memory address(es) and thereby execute arbitrary (or specific,
malicious) code with the privileges of the oracle user and/or the DBA
group privileges.

Products
All Oracle database server releases (8.0.x, 8.1.x and 9.0.1)

Platforms
All Unix platforms

Workaround
If the ORACLE_HOME environment variable is being translated into a
string of 240 or more bytes, disable Oracle Trace by setting its control
parameter in init<SID>.ora as follows:

oracle_trace_enable=FALSE

Change the file permissions on all of the Oracle Trace executables as
follows:
% chmod -s otrccol otrccref otrcfmt otrcrep
% chmod 751 otrccol otrccref otrcfmt otrcrep

Patches
The potential security vulnerability will be code-fixed in the next
release of the Oracle database server which is Oracle9i, Release 2,
only. All other releases of the Oracle database (8.0.x, 8.1.x and 9.0.1)
must use follow the workarounds specified above to circumvent the
potential security vulnerability.

Credits
Oracle wishes to thank Juan Manuel Pascual Escribц for discovering these
vulnerabilities and promptly bringing them to Oracle's attention.


--------------1EE7670F9A3A151F2095CE68--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2025 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру