[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CREATE ANY DIRECTORY to SYSDBA

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: CREATE ANY DIRECTORY to SYSDBA
From: paul.wright@xxxxxxxxxxxxxxxxxxx
Date: Sat, 11 Oct 2008 03:39:46 -0600

I have found a serious privilege escalation in the Oracle DB that raises a 
lower privileged user with CREATE ANY DIRECTORY to that of SYSDBA by directly 
overwriting the hidden binary password file with a known binary password file 
via UTL_DIR. Full discussion of how to defend and respond to this are included 
and YES Oracle have been forewarned.
All Oracle DB folks should read this ASAP.
http://www.oracleforensics.com/wordpress/index.php/2008/10/10/create-any-directory-to-sysdba/

Prev by Date: [SECURITY] [DSA 1646-2] New squid packages fix array bounds check
Next by Date: Re: Re: Token Kidnapping Windows 2003 PoC exploit
Previous by thread: [SECURITY] [DSA 1646-2] New squid packages fix array bounds check
Next by thread: İltaweb Alışveriş Sistemi (tr) Sql inj
Index(es):
- Date
- Thread