Bugtraq mailing list archives
"Dec. 6: Oracle server vulnerable on Unix"
From: "Elan Hasson" <elan () daryl org>
Date: Tue, 22 Jan 2002 10:12:28 -0500
Not sure if this was discussed on the list(i didn't see it), but saw this on msnbc.com today: http://www.msnbc.com/news/668334.asp "Dec. 6: Oracle server vulnerable on Unix" "The Oracle database server has a security vulnerability on Unix operating systems. The problem occurs when a non-privileged user like nobody runs the Oracle executable which has a SETUID bit. This can result in the non-privileged user overwriting Oracle log files, creating new files, and/or changing the ORACLE_HOME environment variable. For a workaround remove the execute permissions for the other group: %chmod o-x oracle. Affected versions: 8.0.x, 8.1.x, 9.0.1." also linked to http://www.msnbc.com/news/BUGOFTHEDAY_Front.asp Sorry if this has already been discussed.
Current thread:
- "Dec. 6: Oracle server vulnerable on Unix" Elan Hasson (Jan 22)