[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050713193633.14618.qmail@securityfocus.com>
Date: 13 Jul 2005 19:36:33 -0000
From: ak@...-database-security.com
To: bugtraq@...urityfocus.com
Subject: Advisory: Oracle Forms Insecure Temporary File Handling
Red-Database-Security GmbH - Oracle Security Advisory
Oracle Forms Insecure Temporary File Handling
Name Oracle Forms Insecure Temporary File Handling
Systems Affected Oracle Forms 4.5, 6.0, 6i, 9i
Severity Medium Risk
Category Information disclosure
Vendor URL http://www.oracle.com
Author Alexander Kornbrust (ak at red-database-security.com)
Date 13 July 2005 (V 1.00)
Advisory AKSEC2003-006
Oracle Vuln# AS04
Time to fix 693 days
Details
#######
If the number of records in a Oracle Forms application retrieved from the
database exceeds the parameter "buffered records" Oracle Forms will create
a temp file located in the temp directory of the application server. This
temp file contains an unencrypted copy of the database table used in the Forms
application (e.g. creditcard). The default permission for these temp files
(format: AAAa<processid>.TMP) is -rw-rw-r--. Every UNIX user on the application
server can read the content of this file (e.g credit card information, ...).
Example
#######
ls -la /tmp
-rw-rw-r-- 1 oracle oinstall 47600 Aug 17 20:30 AAAa15400.TMP
Workaround
##########
Set the environment variable TMP, TEMP and TMPDIR to a secure location. It depends on the OS of the application server what environment variable will be used.
Delete old AAA* files on a regular basis.
Patch Information
##################
Apply patches for the application server mentioned in Metalink Note 311038 .
History
#######
19-aug-2003 Oracle secalert_us was informed
20-aug-2003 Bug confirmed
12-jul-2005 Oracle published Oracle Critical Patch Update July 2005
13-jul-2005 Red-Database-Security published this advisory
© 2005 by Red-Database-Security GmbH
Powered by blists - more mailing lists