Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Oracle :: ora5019.htm

Oracle local DoS



23th Jan 2002 [SBWID-5019]
COMMAND

	Oracle local DoS

SYSTEMS AFFECTED

	Oracle 8.0.x, 9.0.x, 9.0.1

PROBLEM

	In MSNBC report [http://www.msnbc.com/news/668334.asp] :
	

	The  Oracle  database  server  has  a  security  vulnerability  on  Unix
	operating systems. The problem occurs when a  non-privileged  user  like
	“nobody” runs the Oracle executable which has a  SETUID  bit.  This  can
	result  in  the  non-privileged  user  overwriting  Oracle  log   files,
	creating  new  files,  and/or  changing  the   ORACLE_HOME   environment
	variable.

SOLUTION

	remove the execute permissions for the ‘other’ group: %chmod o-x  oracle
	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH