The OpenNET Project
*Huge* security hole in Oracle 8.0.5 with Intelligent agent installed (oracle-digested)


Date: Fri, 30 Apr 1999 14:11:39 +0100
From: Anthony Clarke <[email protected]>
To: [email protected]
Subject: *Huge* security hole in Oracle 8.0.5 with Intelligent agent installed (oracle-digested)

------------- Begin Forwarded Message -------------

Subject: *Huge* security hole in Oracle 8.0.5 with Intelligent agent installed
From: Dan Sugalski <[email protected]>
Date: Thu, 29 Apr 1999 08:34:30 -0700
X-Message-Number: 46
Subject: oracle-digested

Folks,

This is a big heads up for everyone. If you're running Oracle 8.0.5 on a
Unix box, do *not* install and configure the Intelligent Agent option. If
you have, find the bin/oratclsh file and REMOVE THE SUID BIT!

oratclsh is a Tcl app that provides full access to Tcl. It's also installed
as suid root. Running oratclsh gives anyone with even the most modest Tcl
knowledge the ability to execute arbitrary Tcl commands *while running as
root*! This includes the exec command, which spawns off a subshell (as
root) to run any command on the system. Anyone with half a brain is exactly
three commands away from full root access. Anyone with a whole brain is
exactly *one* command away from full root access.

This hole has been verified on both Linux and Solaris with Oracle 8.0.5. It
probably exists in all Unix versions of 8.0.5. Whether it exists in later
versions is unknown. (I don't believe it exists in 8.0.4, but I can't
verify that at the moment.) I also don't know if it affects non-Unix
versions of 8.0.5.

Once again, Intelligent Agent only needs to be *installed* (and the root.sh
part of the setup run) to open this hole. The agent does *not* need to be
started -- just installed.

					Dan

---------------------------------------------"it's like this"--------------
Dan Sugalski   (541) 737-3346                even samurai
SysAdmin                                     have teddy bears
Oregon University System                     and even the teddy bears
[email protected]                             get drunk

----------------------------------------------------------------------

------------- End Forwarded Message -------------
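The fix the advisory asks for is a one-line chmod, but a DBA or sysadmin usually wants to audit the whole install tree for setuid binaries first and confirm the bit is really gone afterwards. The script below is an added example, not part of the forwarded message or of any Oracle tooling; it assumes ORACLE_HOME points at the Oracle install (the bin/oratclsh path comes from the advisory) and uses only POSIX find, ls, test and chmod so it runs the same on Linux and Solaris.

```sh
#!/bin/sh
# Audit an Oracle install tree for setuid executables and strip the bit
# from oratclsh. Added example; assumes ORACLE_HOME is set by the caller.

# is_setuid FILE -> exit 0 if FILE carries the setuid bit (POSIX test -u)
is_setuid() {
    [ -u "$1" ]
}

# list_setuid DIR -> print every regular file under DIR with the setuid bit set
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null
}

# list_setuid_root DIR -> same, but only files owned by root (the dangerous case)
list_setuid_root() {
    find "$1" -type f -user root -perm -4000 2>/dev/null
}

# report_setuid DIR -> one "mode owner path" line per setuid file; ls -l is
# used instead of stat because stat's format flags differ between GNU and BSD
report_setuid() {
    list_setuid "$1" | while IFS= read -r f; do
        set -- $(ls -ld "$f")
        printf '%s %s %s\n' "$1" "$3" "$f"
    done
}

# strip_setuid FILE -> remove the setuid bit and verify it is really gone
strip_setuid() {
    chmod u-s "$1" && ! is_setuid "$1"
}

# audit_oracle_home HOME -> report setuid files under HOME/bin and fix oratclsh
audit_oracle_home() {
    home="$1"
    echo "setuid executables under $home/bin:"
    report_setuid "$home/bin"
    if is_setuid "$home/bin/oratclsh"; then
        echo "oratclsh is setuid: removing the bit"
        strip_setuid "$home/bin/oratclsh" && echo "oratclsh is no longer setuid"
    fi
}

# Only run the audit when invoked on a real install; harmless otherwise.
if [ -n "${ORACLE_HOME:-}" ] && [ -d "$ORACLE_HOME/bin" ]; then
    audit_oracle_home "$ORACLE_HOME"
fi
```

Run it as the oracle software owner (or root) with ORACLE_HOME exported; list_setuid_root is the check worth repeating after every root.sh run, since that step is what sets the bit in the first place.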


============			==================================
Ian Harrison			Phone:	+44 (0)181 214 2121
Oracle DBA			Fax:	+44 (0)181 214 4473
One2One				Email:	[email protected]
============			==================================
