Title: Oracle for Linux Installer Vulnerability
Severity: MODERATE
Description:
A vulnerability exists in the installation program for Oracle 8.1.5i. The Oracle installation scripts will create a directory named /tmp/orainstall, owned by oracle:dba, mode 711. Inside of this directory it will create a shell script named orainstRoot.sh, mode 777. The installation script will then stop and ask the person installing to run this script. The installation program at no point attempts to determine if the directory or script already exist. This makes it possible to create a symbolic link from the orainstRoot.sh file to elsewhere on the file system. This could be used to create a .rhosts file, for instance, and gain access to the root account. In addition, since the orainstRoot.sh file is mode 777, it is possible for any user on the machine to edit this script to execute arbitrary commands when run by root. Again, this can result in the compromise of the root account.
It is not readily apparent what versions of Oracle this does and does not affect. It has been confirmed on Oracle 8.1.5i, on the Linux/Intel platform. It is likely that this vulnerability may exists in other versions, and on other platforms. If you have any information about this, please mail us at: vuldb@securityfocus.com.
Affected Products:
- Oracle Oracle8i Standard Edition 8.1.5
References:
- Oracle: Oracle Support Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
