Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:805
HistoryOct 19, 2000 - 12:00 a.m.

vulnerability in Oracle Internet Directory in Oracle 8.1.6

2000-10-1900:00:00
vulners.com
35
JSON
                  WWW.PLAZASITE.COM
              System & Security Division

Title: Vulnerability in oidldapd in Oracle 8.1.6
Date: 16-10-2000
Platform: Only tested in Linux, but can be exported to others.
Impact: Any user gain euid=oracle.
Author: Juan Manuel Pascual ([email protected])
Status: Vendor Contacted but no answers received. Details Below

OVERVIEW:
oidldapd is a Oracle Internet Directory. Oracle Ldap Daemon.

PROBLEM SUMMARY:
There is a buffer overflow in oidldapd that can be use by local
users to obtain euid of oracle user. With the default instalation
oracle user owns all database files.

IMPACT:
Any user with local access, can gain euid= oracle.

SOLUTION:
Maybe a chmod -s ;-)))).

STATUS:
Vendor was contacted 2 days ago. Oracle people in USA & Spain dont
answer my emails. The address contacted was [email protected] and
[email protected] and other people from Spain (with no names ;-)).

This vulnerability was researched by:
Juan Manuel Pascual Escriba [email protected]

            " In God We trust, Others We monitor "

    -------------------------------------------------------------
     Juan Manuel Pascual Escribб        Administrador de Sistemas
     PlazaSite S.A.                         c/ Tomбs Bretуn 32-38
     08950 Esplugues de Llobregat           (Barcelona),    SPAIN
     Ph: +34 93 3717398                       Fax: +34 93 3711968
     mob: 667591142                     Email: [email protected]
    -------------------------------------------------------------
JSON