Date: Thu May  5 12:06:37 2005
From: ak at red-database-security.com (Kornbrust, Alexander)
Subject: Oracle 10g DBMS_SCHEDULER SESSION_USER issue

Red-Database-Security GmbH Oracle Security Advisory 


Name               Oracle 10g DBMS_SCHEDULER SESSION_USER issue
Systems Affected   Oracle Database 10g
Severity           Medium Risk
Category           Switch SESSION_USER to SYS
Vendor URL         http://www.oracle.com
Author             Alexander Kornbrust (ak at red-database-security.com)
Date               03 May 2005  (V 1.00)
VU#                176909


Description
###########
Every user with CREATE JOB privilege can switch the SESSION_USER to SYS by
executing a database job via dbms_scheduler. This could cause problems with
VPD (virtual private database) or OLS (Oracle label security) and could allow
privilege escalation.

This issue is not related to the Oracle Critical Patch Update 2005.
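The following audit script is an added example, not part of the advisory or of
Red-Database-Security's test case. It is written for a DBA to run from a
privileged account (e.g. in SQL*Plus) against Oracle 10g and uses only standard
data dictionary views. It answers the questions a defender would ask after
reading the description: which accounts hold CREATE JOB (or the broader
CREATE ANY JOB), what scheduler jobs those accounts own, which VPD policy
functions would be affected by a spoofed SESSION_USER, and which release is
installed.

```sql
-- Added example (not from the advisory): DBA audit queries for the
-- DBMS_SCHEDULER / SESSION_USER issue. Run as a DBA account.

-- 1. Accounts holding the privilege named in the advisory, granted directly.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE privilege IN ('CREATE JOB', 'CREATE ANY JOB')
   AND grantee NOT IN ('SYS', 'SYSTEM')
 ORDER BY grantee, privilege;

-- 2. The same privileges reached through a role (one level of role nesting;
--    extend with a CONNECT BY over dba_role_privs for deeper hierarchies).
SELECT r.grantee AS user_or_role, r.granted_role, p.privilege
  FROM dba_role_privs r
  JOIN dba_sys_privs  p ON p.grantee = r.granted_role
 WHERE p.privilege IN ('CREATE JOB', 'CREATE ANY JOB')
 ORDER BY r.grantee, r.granted_role;

-- 3. Scheduler jobs owned by non-SYS accounts, so the job bodies can be
--    reviewed; ENABLED and STATE show which jobs actually run.
SELECT owner, job_name, job_type, enabled, state
  FROM dba_scheduler_jobs
 WHERE owner NOT IN ('SYS', 'SYSTEM')
 ORDER BY owner, job_name;

-- 4. VPD policies in force. A policy function that builds its predicate from
--    SYS_CONTEXT('USERENV', 'SESSION_USER') is the kind of check the advisory
--    says a job running with SESSION_USER = SYS can bypass, so review the
--    listed functions.
SELECT object_owner, object_name, policy_name, pf_owner, package, function, enable
  FROM dba_policies
 ORDER BY object_owner, object_name, policy_name;

-- 5. Installed release; the advisory states that patchset 10.1.0.4 fixes
--    the issue, so anything older on 10g is still exposed.
SELECT banner FROM v$version;
```

The first two queries together give the population the advisory's "every user
with CREATE JOB privilege" refers to; if an application role bundles CREATE
JOB, the second query is the one that reveals it. Until the patchset is
applied, the practical mitigation is to restrict that population to accounts
that genuinely need to create jobs, and to avoid VPD or OLS policy logic that
trusts SESSION_USER alone.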



More details including test case available:
##########################################

http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html




Patch Information
#################
This information has been public for months, but Oracle never released a
security alert for this issue. Applying patchset 10.1.0.4 fixes this issue.



History:
########
07 October 2004	Published at the Oracle Enterprise Server Forum in Metalink





About Red-Database-Security GmbH
#################################
Red-Database-Security GmbH is a specialist in Oracle Security. 

http://www.red-database-security.com
