Application Security, Inc.

Team SHATTER Security Alert

Oracle Trace Collection Security Vulnerability

October 23, 2001

This vulnerability affects all versions of Oracle running on UNIX.

The SETUID bit on the executable file "otrcrep" can be exploited. The SETUID bit should be removed from all Oracle trace files, including otrccol, otrccref, otrcfmt, and otrcrep.

The best recommendation for any installation of Oracle on UNIX is to limit access to the ORACLE_HOME directory to database administrators only. This can be done by changing the permissions on the ORACLE_HOME directory to 770.
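One way to apply and verify both mitigations, as an added example that is not part of the original alert or Oracle's own tooling. It assumes the trace executables live in `$ORACLE_HOME/bin`; the function names and the `--apply` switch are hypothetical.

```shell
#!/bin/sh
# Added example: audit and apply the alert's two mitigations.
# Assumption: the Oracle trace executables live in $ORACLE_HOME/bin.
TRACE_BINS="otrccol otrccref otrcfmt otrcrep"

# Print each trace executable under $1/bin that still has the SETUID bit set.
find_setuid_trace_bins() {
    for name in $TRACE_BINS; do
        f="$1/bin/$name"
        # -u is true only when the file exists and its set-user-ID bit is set
        [ -u "$f" ] && echo "$f"
    done
    return 0
}

# Remove SETUID from the trace executables and restrict ORACLE_HOME to 770.
harden_oracle_home() {
    home="$1"
    [ -d "$home" ] || { echo "not a directory: $home" >&2; return 1; }
    find_setuid_trace_bins "$home" | while IFS= read -r f; do
        chmod u-s "$f" && echo "removed SETUID: $f"
    done
    chmod 770 "$home"
}

# Return 0 only if no trace executable is SETUID and the directory mode is 770.
verify_oracle_home() {
    home="$1"
    [ -z "$(find_setuid_trace_bins "$home")" ] || return 1
    # Keep the first 10 characters so a trailing ACL/SELinux marker is ignored.
    mode=$(ls -ld "$home" | cut -c1-10)
    [ "$mode" = "drwxrwx---" ]
}

# Touch a real installation only when asked to: ./script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    harden_oracle_home "${ORACLE_HOME:?ORACLE_HOME is not set}" &&
        verify_oracle_home "$ORACLE_HOME" && echo "hardened: $ORACLE_HOME"
fi
```

Run it as the Oracle software owner or root; `verify_oracle_home` can be rerun after patching or reinstalling to confirm the SETUID bits have not been restored.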

For additional details from Oracle, download the file http://otn.oracle.com/deploy/security/pdf/otrcrep.pdf