exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ISS Security Advisory August 23, 1999

ISS Security Advisory August 23, 1999
Posted Aug 24, 1999

Internet Security Systems (ISS) X-Force has discovered additional local vulnerabilities in the Oracle Intelligent Agent that may lead to root compromise. Local attackers may use these vulnerabilities to execute arbitrary commands as root, as well as create root-owned world-writable files anywhere on the file system.

SHA-256 | b4c7007361061b0c9b49fa5f9c01d795290c6aec86d020f87565d5e2b4b0e414

ISS Security Advisory August 23, 1999

Change Mirror Download

From xforce@iss.net Tue Aug 24 06:04:31 1999
From: X-Force <xforce@iss.net>
Resent-From: mea culpa <jericho@dimensional.com>
To: alert@iss.net
Resent-To: jericho@attrition.org
Cc: X-Force <xforce@iss.net>
Date: Mon, 23 Aug 1999 17:35:31 -0400 (EDT)
Subject: ISSalert: ISS Security Advisory: Additional Root Compromise Vulnerabilities in Oracle 8


TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----

ISS Security Advisory
August 23, 1999

Additional Root Compromise Vulnerabilities in Oracle 8

Synopsis:

Internet Security Systems (ISS) X-Force has discovered additional local
vulnerabilities in the Oracle Intelligent Agent that may lead to root
compromise. Local attackers may use these vulnerabilities to execute
arbitrary commands as root, as well as create root-owned world-writable
files anywhere on the file system.

Description:

This advisory describes additional Oracle Intelligent Agent
vulnerabilities that were not described in the ISS X-Force advisory
titled, "Root Compromise Vulnerabilities in Oracle 8." This advisory
describes two vulnerabilities that stem from trusted environment
variables, as well as from implicit trust of rogue Oracle configuration
files.

The Intelligent Agent binary, 'dbsnmp' is a setuid root executable. The
Intelligent Agent is a host-based agent that can be used to monitor,
configure, and maintain remote database instances with the Oracle
Enterprise manager. The Intelligent Agent is part of the Oracle
distribution

Fix Information:

If remote database administration with the Intelligent Agent is not
required, the setuid bit on the 'dbsnmp' binary should be removed. As
root, execute the following command:

# chmod 755 $ORACLE_HOME/bin/dbsnmp

Fix Information:

ISS X-Force has worked with Oracle to provide a patch for the
vulnerabilities described in this advisory. This patch is available to
the public on technet.oracle.com. The direct URL is
http://technet.oracle.com/misc/agent/section.htm.

Oracle has provided the following information to answer any questions
concerning these vulnerabilities. The FAQ is available in HTML format at
http://technet.oracle.com/misc/agent/faq.htm.

1. Do I need to upgrade my databases to 8.0.5 or 8.0.6 in order to pick
up this fix?

No! The Agent may be upgraded on its own, without affecting the version
of the databases it manages. To do this, install the Agent and the
appropriate patch in a separate Oracle Home. This Agent will be able to
manage all targets on its node, irrespective of their versions.

2. What can I do until the fix is available on my platform?

While waiting for the fix to be available on your platform, you may use
the following workaround:

Create a Unix user with normal permissions under which the Agent runs
Enterprise Manager jobs.

Note: This means all jobs submitted through the Enterprise Manager
Console will now run as the 'normal user' instead of the user specified
as preferred credentials within the Console. Additionally, the 'normal
user' will only have access to the \ORACLE_HOME\Agent directory, unless
otherwise specified by the system administrator. Finally, the Agent will
only start as the 'normal user.'

Steps to apply the workaround:

On the system on which the Agent resides, choose/create a Unix user with
normal permissions on the system. This user must not be: (A) The user who
installed the Oracle RDBMS Server and other Oracle products on the system
OR (B) A user with root privileges. The user must belong to a normal
group and not "dba".

For example:

1 Create a user "agent" belonging to group "agentgrp".
2. Install an Agent in a new Oracle Home as user "agent". Note: DO NOT
run the root.sh script under this Oracle Home as part of this
installation process.
3. Shutdown the old Agent.
4. Copy files from the Oracle Home of the old Agent to the Oracle Home of
the newly installed Agent as follows:

cp $ORACLE_HOME(old)/network/agent/* $ORACLE_HOME(new)/network/agent

Important: Make sure that the user "agent" owns all files under the
$ORACLE_HOME(new)/network/agent directory.

Using a terminal window that has the environment of user "agent", start
the Agent with:

lsnrctl dbsnmp_start

For further security, job system access can be prevented if you are using
Enterprise Manager version 2.0.

To do so, log into the Enterprise Manager Console as a Super
Administrator. Using the System -> Manage Administrators option, edit the
General Preferences, deactivating 'Access to Job System' for each
Administrator you wish to prevent from using the job system.

If you are not comfortable with this workaround, you can suspend use of
the Agent until the fix is available on your platform.

ISS X-Force recommends that all administrators also complete a proactive
survey of their Oracle installations to determine which databases require
the Intelligent Agent.

Additional Information:

Dan Ingevaldson <dingevaldson@iss.net> of the ISS X-Force primarily
researched these vulnerabilities. ISS X-Force would like to thank Oracle
Corporation for their response and handling of these vulnerabilities.

________

About ISS:

ISS leads the market as the source for e-business risk management
solutions, serving as a trusted security provider to thousands of
organizations including 21 of the 25 largest U.S. commercial banks and
more than 35 government agencies. With its Adaptive Security Management
approach, ISS empowers organizations to measure and manage enterprise
security risks within Intranet, extranet and electronic commerce
environments. Its award-winning SAFEsuite(r) product line of intrusion
detection, vulnerability management and decision support solutions are
vital for protection in today's world of global connectivity, enabling
organizations to proactively monitor, detect and respond to security
risks. Founded in 1994, ISS is headquartered in Atlanta, GA with
additional offices throughout the U.S. and international operations in
Australia/New Zealand, Belgium, France, Germany, Japan, Latin America and
the UK. For more information, visit the ISS Web site at www.iss.net or
call 800-776-2362.

Copyright (c) 1999 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.

X-Force PGP Key available at: http://xforce.iss.net/sensitive.php3 as
well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBN8G90zRfJiV99eG9AQE6CwP/SYY0jBqr7KT0STNjT8Kw6dCM6DTboYjj
cCTxEc5Lvp7xER2N80RxbUUBdjY+7mftSWlZi9Fi8GAWrIe0Zvmon6zXx9WFbXrh
N0ofLlrE1hKppYj4WTmAahDsp46fyA8EL9R+OjnFz+EHYTYQ0LOmtPugUXbzLKo1
WzFZUZLwwTc=
=oRM1
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close