Oracle Home Environment Variable Validation Vulnerability
November 30, 2001
For additional details, the official advisories from Oracle
Corporation can be downloaded from:
http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf
Summary:
The dbsnmp executable can be manipulated to run programs from the
wrong directory. This is accomplished by modifying the ORACLE_HOME
environmental variable to point to a location other than the actual
location of Oracle. Because the dbsnmp process runs setuid, this
allows an attacker to elevate his or her privilege to the level of
the oracle operating system account.
Fix:
Remove the setuid bit from the file (chmod -s dbsnmp) or apply the
available patch which can be downloaded from
http://metalink.oracle.com.
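The shell functions below are an added example, not part of Oracle's advisory or patch. They report setuid/setgid files in a directory and, with --fix, apply the chmod -s step described above. The function names, and the assumption that dbsnmp sits in the bin directory under the real Oracle home, are illustrative.

```shell
#!/bin/sh
# Added example (not from the Oracle advisory): audit a directory for
# setuid/setgid binaries such as dbsnmp and optionally clear the bits.
# Assumption: dbsnmp lives in the bin directory of the real Oracle home.
# Pass that directory explicitly instead of trusting $ORACLE_HOME from an
# environment you did not set yourself.
# Usage: audit_setid /path/to/oracle/home/bin [--fix]

# has_setid FILE: succeeds if FILE is a regular file (not a symlink)
# with the setuid or setgid bit set.
has_setid() {
    [ -f "$1" ] && [ ! -L "$1" ] && { [ -u "$1" ] || [ -g "$1" ]; }
}

# audit_setid DIR [--fix]: list setuid/setgid files directly in DIR.
# With --fix, run "chmod -s" on each one (the advisory's workaround).
# Returns 0 when no setuid/setgid file remains, 1 otherwise, 2 on bad input.
audit_setid() {
    dir=$1
    mode=${2:-report}
    remaining=0
    if [ ! -d "$dir" ]; then
        echo "audit_setid: not a directory: $dir" >&2
        return 2
    fi
    for f in "$dir"/*; do
        has_setid "$f" || continue
        ls -ld "$f"                       # show owner and mode for the record
        if [ "$mode" = "--fix" ]; then
            if chmod -s "$f"; then
                echo "cleared setuid/setgid: $f"
            fi
        fi
        # Re-check so a failed chmod is still counted as a finding.
        if has_setid "$f"; then
            remaining=$((remaining + 1))
        fi
    done
    echo "$remaining setuid/setgid file(s) remain in $dir"
    [ "$remaining" -eq 0 ]
}
```

Run it in report mode first; the Background section below covers whether the Intelligent Agent is in use, which decides between this workaround and the patch.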
Background:
This vulnerability is in the Oracle Enterprise Manager
Intelligent Agent. This issue exists because the executable file for
this process, dbsnmp, runs with the setuid bit enabled. That means
this problem ONLY EXISTS ON UNIX (OR LINUX) VERSIONS OF ORACLE. If
you are not using the Intelligent Agent, you should remove the setuid
bit from this process. You can also avoid this issue by restricting
access to the Oracle operating system files. Only database
administrators should have access to these files.
The Oracle Intelligent Agent performs the following functions:
-Provides local services or calls operating system dependent
services to interact locally with the managed targets.
-Checks for events and queues the resulting event reports for
Oracle Enterprise Manager.
-Runs Oracle Enterprise Manager jobs, collects their results and
output, and/or queues the results as required.
-Cancels jobs or events as directed by the Console or other
applications.
-Handles requests to send SNMP traps for events if SNMP is supported
on the Intelligent Agent's platform.