Oracle 10g DBMS_SCHEDULER SESSION_USER issue

From: Alexander Kornbrust (ak_at_red-database-security.com)
Date: 05/05/05

    Date: 5 May 2005 11:00:06 -0000
    To: bugtraq@securityfocus.com

    Red-Database-Security GmbH Oracle Security Advisory

    Name:             Oracle 10g DBMS_SCHEDULER SESSION_USER issue
    Systems Affected: Oracle Database 10g
    Severity:         Medium Risk
    Category:         Switch SESSION_USER to SYS
    Vendor URL:       http://www.oracle.com
    Author:           Alexander Kornbrust (ak at red-database-security.com)
    Date:             03 May 2005 (V 1.00)

    Description
    ###########
    Every user with CREATE JOB privilege can switch the SESSION_USER to SYS by executing a database job via dbms_scheduler. This could cause problems with VPD (virtual private database) or OLS (Oracle label security) and could allow privilege escalation.

    This issue is not related to the Oracle Critical Patch Update 2005.

    More details, including a test case, are available at:
    ######################################################

    http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html

    Patch Information
    #################
    This information has been public for months, but Oracle never released a security alert for this issue. Applying patchset 10.1.0.4 fixes this issue.
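    As an added, defender-side example that is not part of the advisory: an audit script a DBA can run to see whether a 10g database is still on a pre-10.1.0.4 release and which users are able to create scheduler jobs, i.e. the set of accounts the issue applies to. It assumes a DBA-privileged session and uses only standard Oracle data-dictionary views; the output is meant to be compared against the list of accounts that are expected to hold CREATE JOB.

```sql
-- Audit script (added example, not from the advisory). Run as a DBA.

-- 1. Release check: the advisory states that patchset 10.1.0.4 fixes the issue,
--    so anything below that on 10g is still affected.
SELECT banner
FROM   v$version
WHERE  banner LIKE 'Oracle%';

-- 2. Users holding CREATE JOB directly.
SELECT grantee AS username, 'DIRECT' AS via
FROM   dba_sys_privs
WHERE  privilege = 'CREATE JOB'
AND    grantee IN (SELECT username FROM dba_users)
UNION
-- 3. Users holding CREATE JOB through a role (walking nested role grants
--    upward from every role that has the privilege).
SELECT rp.grantee AS username, 'ROLE: ' || rp.granted_role AS via
FROM   dba_role_privs rp
WHERE  rp.grantee IN (SELECT username FROM dba_users)
START WITH rp.granted_role IN (SELECT grantee
                               FROM   dba_sys_privs
                               WHERE  privilege = 'CREATE JOB')
CONNECT BY NOCYCLE PRIOR rp.grantee = rp.granted_role
ORDER BY 1, 2;

-- 4. Existing scheduler jobs, grouped by owner, so unexpected job owners
--    (accounts that should not be running server-side jobs) stand out.
SELECT owner, COUNT(*) AS jobs, SUM(CASE WHEN enabled = 'TRUE' THEN 1 ELSE 0 END) AS enabled_jobs
FROM   dba_scheduler_jobs
GROUP  BY owner
ORDER  BY owner;
```

    Accounts that appear in query 2/3 but have no business need for CREATE JOB should have the grant revoked (or the granting role reviewed) until the 10.1.0.4 patchset is applied.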

    History:
    ########
    07 October 2004 Published at the Oracle Enterprise Server Forum in Metalink

    About Red-Database-Security GmbH
    #################################
    Red-Database-Security GmbH is a specialist in Oracle Security.

    http://www.red-database-security.com
