23rd Jan 2002 [SBWID-5019]
COMMAND
Oracle local DoS
SYSTEMS AFFECTED
Oracle 8.0.x, 9.0.x, 9.0.1
PROBLEM
From an MSNBC report [http://www.msnbc.com/news/668334.asp]:
The Oracle database server has a security vulnerability on Unix
operating systems. The problem occurs when a non-privileged user like
“nobody” runs the Oracle executable which has a SETUID bit. This can
result in the non-privileged user overwriting Oracle log files,
creating new files, and/or changing the ORACLE_HOME environment
variable.
SOLUTION
Remove the execute permission for the ‘other’ class on the oracle executable:
% chmod o-x oracle
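A check for the condition described above (SETUID and executable by ‘other’) and for the fix having taken effect, as an added example that is not part of the original advisory. The function names are hypothetical, and the path to the oracle executable is an assumption supplied by the operator.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.

# is_exposed FILE: succeeds when FILE is a regular file with BOTH the
# setuid bit (4000) and execute-for-other (0001) set.
is_exposed() {
    [ -n "$(find "$1" -prune -type f -perm -4001 2>/dev/null)" ]
}

# restrict FILE: apply the advisory's chmod o-x and confirm it took effect.
# The setuid bit and owner/group execute are left untouched.
restrict() {
    is_exposed "$1" || return 0      # already restricted, nothing to do
    chmod o-x "$1" || return 1
    ! is_exposed "$1"
}

# audit FILE: print one status line; return 1 if FILE is still exposed.
audit() {
    if is_exposed "$1"; then
        echo "EXPOSED  $1 (setuid and executable by other)"
        return 1
    fi
    echo "OK       $1"
}

# Usage: sh check.sh /path/to/oracle   (path is supplied by the operator)
if [ $# -gt 0 ]; then
    audit "$1"
fi
```

After the change, accounts that need to run the executable must do so through the file's owner or group permissions.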