Oracle 8.0.6

From: Andy Rees (cs61ar@yahoo.co.uk)
Date: 11/30/01 

Message-ID: <20011130162905.60993.qmail@web14809.mail.yahoo.com>
Date: Fri, 30 Nov 2001 16:29:05 +0000 (GMT)
From: Andy Rees <cs61ar@yahoo.co.uk>
Subject: Oracle 8.0.6
To: pen-test@securityfocus.com

Dear All,

I was wondering if anybody has any ideas about this
one.

I am undertaking a security audit and have managed to
get the Oracle SYSTEM account password for an Oracle
8.0.6 server running on Solaris 2.7. This has allowed
me to login to the server via SQLPLUS. The server in
question has 'utl_file_dir = *' set in the initSID.ora
file. (It is only a test server ....).

Whilst I can write Oracle scripts that allow me to
read and write system files (solaris file permissions
allowing) but I cannot find a way of compromising the
actual host OS from this position, I can read the
/etc/passwd file but I cannot write to it and I cannot
even read the /etc/shadow (as you would expect)

Any ideas any of you guys have would be most
appreciated.

Thanks in advance

Andrew

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Quantcast