Oracle webserver insecurities

Description: Anyone who is given control of an oracle webserver account can trivially become root
Author: hurtta+zz@OZONE.FMI.FI
Compromise: root (local)
Vulnerable Systems: Those running Oracle Webserver 2.1 or Oracle Webserver 1.0 (included with Oracle7 Server and Oracle7 Workgroup Server)
Date: 19 September 1997
Date: Fri, 19 Sep 1997 09:48:59 +0300
From: hurtta+zz@OZONE.FMI.FI
To: BUGTRAQ@NETSPACE.ORG
Subject: Interesting practices of Oracle [Oracle Webserver]

Hello,

Perhaps the following is interesting.
Software:   Oracle Webserver 2.1
            Oracle Webserver 1.0 (included with Oracle7 Server and Oracle7 Workgroup Server)

Conclusion: You should use the same criteria to decide who gets the password for the oracle account
            as you use to decide who gets the password for the root account.
Background: 1) Oracle Webserver comes as setuid root.
            2) The configuration files and the software tree are owned by the
               oracle account.

Effects:    That allows the oracle account to control
            what is normally left to the root account:
            1) The oracle account can select under what account
               Oracle Webserver operates (by editing the configuration
               file).
            2) Oracle Webserver 2.1 opens the log file as root,
               so the oracle account can append to any file
               (by editing the configuration file).

            Notice that even if 2) is a bug, that is irrelevant
            because 1) supersedes it (and that looks like a planned
            feature).
/ Kari Hurtta
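The post above describes a general pattern rather than a one-off bug: a setuid-root program trusts configuration that a less privileged account can write, so that account inherits root's choices (run-as user, log path). A defender can audit for that pattern directly. The POSIX shell script below is an added example, not part of Hurtta's post and not Oracle's code: it checks that every configuration file a setuid binary reads is owned by the same uid that owns the binary and is neither group- nor world-writable, and treats a missing config file as a finding too. The names `setuid-daemon`, `good.cfg`, `bad.cfg` and the `run_as`/`log_file` keys are constructed placeholders; the demo layout is built in a temporary directory owned by the invoking user so it runs unprivileged, which means the writable-mode case stands in for the root-versus-oracle ownership mismatch the post describes.

```shell
#!/bin/sh
# Added example (not from the advisory or from Oracle): audit the config files
# a setuid binary trusts. Findings: config not owned by the binary's owner,
# config group- or world-writable, or config missing (whoever creates it wins).

# owner_uid FILE -> numeric uid of FILE's owner (ls -ldn is portable, stat is not)
owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# mode_string FILE -> the permission string, e.g. -rwsr-xr-x
mode_string() {
    ls -ldn "$1" | awk '{print $1}'
}

# is_setuid FILE -> exit 0 if the setuid bit is set (4th char of the mode is s or S)
is_setuid() {
    case "$(mode_string "$1")" in
        ???[sS]*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_setuid_config BIN CONF [CONF...]
# Prints one FINDING line per problem and returns the number of findings
# (0 means clean; exit statuses wrap above 255, which is fine for a few files).
audit_setuid_config() {
    bin=$1
    shift
    findings=0
    is_setuid "$bin" || echo "NOTE: $bin is not setuid; config ownership matters less"
    bin_uid=$(owner_uid "$bin")
    for conf in "$@"; do
        if [ ! -e "$conf" ]; then
            echo "FINDING: $conf does not exist"
            findings=$((findings + 1))
            continue
        fi
        conf_uid=$(owner_uid "$conf")
        mode=$(mode_string "$conf")
        if [ "$conf_uid" != "$bin_uid" ]; then
            echo "FINDING: $conf owned by uid $conf_uid but $bin is owned by uid $bin_uid"
            findings=$((findings + 1))
        fi
        # character 6 of the mode string is the group write bit
        case "$mode" in ?????w*)
            echo "FINDING: $conf is group-writable ($mode)"
            findings=$((findings + 1)) ;;
        esac
        # character 9 is the world write bit
        case "$mode" in ????????w*)
            echo "FINDING: $conf is world-writable ($mode)"
            findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# demo_setup -> prints a temporary directory holding a constructed layout:
#   bin/setuid-daemon  placeholder for the setuid server binary (setuid bit set)
#   cfg/good.cfg       same owner as the binary, mode 644
#   cfg/bad.cfg        same owner, but mode 666
# All files are owned by the invoking user so the demo runs unprivileged; in the
# advisory the binary is root's and the config tree is oracle's.
demo_setup() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/cfg"
    : > "$d/bin/setuid-daemon"
    chmod 4755 "$d/bin/setuid-daemon"
    printf 'run_as = oracle\nlog_file = /var/tmp/example.log\n' > "$d/cfg/good.cfg"
    chmod 644 "$d/cfg/good.cfg"
    cp "$d/cfg/good.cfg" "$d/cfg/bad.cfg"
    chmod 666 "$d/cfg/bad.cfg"
    echo "$d"
}

# Walk the constructed layout when the script is run directly.
DEMO=$(demo_setup)
for cfg in good.cfg bad.cfg missing.cfg; do
    echo "== $cfg"
    audit_setuid_config "$DEMO/bin/setuid-daemon" "$DEMO/cfg/$cfg" && echo "clean"
done
rm -rf "$DEMO"
```

On a real host you would call `audit_setuid_config /path/to/setuid/binary /path/to/its/config ...` with the actual paths; the ownership comparison is the check that matters for the case in the post, since a root-owned setuid binary reading an oracle-owned file is flagged even when the file's mode looks tidy.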
This page is part of Fyodor's exploit world.