vulnerability #1 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7

2000-12-22T00:00:00
ID SECURITYVULNS:DOC:1106
Type securityvulns
Reporter Securityvulns
Modified 2000-12-22T00:00:00

Description

                  WWW.PLAZASITE.COM
              System & Security Division

Title: Vulnerability in oidldapd in Oracle 8.1.7 Date: 10-12-2000 Platform: Only tested in Linux, but can be exported to others. Impact: Any user gain euid=root. Author: Juan Manuel Pascual (pask@plazasite.com) Status: Vendor Contacted answers received. Details Below

OVERVIEW: oidldapd is a Oracle Internet Directory. Oracle Ldap Daemon. The actual version is 2.1.1.1

PROBLEM SUMMARY: There is a buffer overflow in oidldapd that can be use by local users to obtain euid of root user. Easy for user oracle.

IMPACT: Any user with local access, can gain euid= root.

SOLUTION: Chmod -s ;-)))).

STATUS: Vendor was contacted 10-Dec-2000. They point me to metalink site then all to metalink site ;-)


This vulnerability was researched by: Juan Manuel Pascual Escriba pask@plazasite.com

--

            " In God We trust, Others We monitor "

    -------------------------------------------------------------
     Juan Manuel Pascual Escribб        Administrador de Sistemas
     PlazaSite S.A.                         c/ Tomбs Bretуn 32-38
     08950 Esplugues de Llobregat           (Barcelona),    SPAIN
     Ph: +34 93 3717398                       Fax: +34 93 3711968
     mob: 667591142                     Email: pask@plazasite.com
    -------------------------------------------------------------