WWW.PLAZASITE.COM
System & Security Division
Title: Vulnerability in oidldapd in Oracle 8.1.6
Date: 16-10-2000
Platform: Only tested in Linux, but can be exported to others.
Impact: Any user gain euid=oracle.
Author: Juan Manuel Pascual ([email protected])
Status: Vendor Contacted but no answers received. Details Below
OVERVIEW:
oidldapd is a Oracle Internet Directory. Oracle Ldap Daemon.
PROBLEM SUMMARY:
There is a buffer overflow in oidldapd that can be use by local
users to obtain euid of oracle user. With the default instalation
oracle user owns all database files.
IMPACT:
Any user with local access, can gain euid= oracle.
SOLUTION:
Maybe a chmod -s ;-)))).
STATUS:
Vendor was contacted 2 days ago. Oracle people in USA & Spain dont
answer my emails. The address contacted was [email protected] and
[email protected] and other people from Spain (with no names ;-)).
This vulnerability was researched by:
Juan Manuel Pascual Escriba [email protected]
–
" In God We trust, Others We monitor "
-------------------------------------------------------------
Juan Manuel Pascual Escribб Administrador de Sistemas
PlazaSite S.A. c/ Tomбs Bretуn 32-38
08950 Esplugues de Llobregat (Barcelona), SPAIN
Ph: +34 93 3717398 Fax: +34 93 3711968
mob: 667591142 Email: [email protected]
-------------------------------------------------------------