ASI Oracle Security Alert: Oracle Home Environment Variable Buffer Overflow

2001-12-01T00:00:00
ID SECURITYVULNS:DOC:2233
Type securityvulns
Reporter Securityvulns
Modified 2001-12-01T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Oracle Home Environment Variable Buffer Overflow

For additional details, the official advisories from Oracle Corporation can be downloaded from: http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf

Summary: By setting a long ORACLE_HOME value (more than 750 bytes), an attacker can manipulate the dbsnmp executable to run tasks for them. Because the dbsnmp process runs setuid, this allows an attacker to elevate his or her privilege to the level of the oracle operating system account.

Fix: Remove the setuid bit from the file (chmod -s dbsnmp) or apply the available patch which can be downloaded from http://metalink.oracle.com.

Background: This vulnerability is based on the Oracle Enterprise Manager Intelligent Agent. This issue exists because the executable file for this process, dbsnmp, runs with the setuid bit enabled. That means this problems ONLY EXIST ON UNIX (OR LINUX) VERSIONS OF ORACLE. If you are not using the Intelligent Agent, you should remove the setuid bit from this process. You can also avoid this issue by restricting access to the Oracle operating system files. Only database administrators should have access to these files.

The Oracle Intelligent Agent performs the following functions: - -Provides local services or calling operating system dependent services to interact locally with the managed targets. - -Checks for events, and queuing the resulting event reports for Oracle Enterprise Manager. - -Runs Oracle Enterprise Manager jobs, collecting their results and output, and/or queuing the results as required. - -Cancels jobs or events as directed by the Console or other applications. - -Handles requests to send SNMP traps for events if SNMP is supported on the Intelligent Agent's platform.

Thank you, support@appsecinc.com Application Security, Inc. phone: 212-490-6022 - -Protection Where It Counts-


Application Security, Inc. www.appsecinc.com

As pioneers in application security, we are an organization dedicated to the security, defense, and protection of one of the most commonly overlooked areas of security — the application layer. Application Security, Inc. provides solutions to proactively secure (penetration testing/vulnerability assessment), actively defend/monitor (intrusion detection), and protect (encryption) your most critical applications.


To unsubscribe from this list, send an email to unsubscribe@appsecinc.com with the word "unsubscribe oracle" in the subject list.


-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPAfux5FBAgFQ9JykEQLfUwCdErCFHrwpir6NUhS+F7OcOfoGY9UAnAk6 i/2Faxt+w2fQAnd6zh0m0Pqf =jkb7 -----END PGP SIGNATURE-----