Title: Oracle DBSNMP Oracle Home Environment Variable Changing Vulnerability
Severity: HIGH
Description:
Oracle is an enterprise-level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation.
A problem with dbsnmp, included with Oracle, makes it possible for a local user to gain elevated privileges. The problem lies in the design of the program and its handling of the ORACLE_HOME environment variable. dbsnmp is SetUID root.
When executed, dbsnmp attempts to execute chown and chgrp, as well as load various configuration files from within the Oracle root directory.
A local user may be able to take advantage of this design by altering the ORACLE_HOME environment variable to point to a directory of their own crafting. In doing so, it may be possible for the user to cause dbsnmp to load a maliciously crafted piece of code at runtime, or potentially execute arbitrary commands or programs.
It should be noted that this is only an issue on Unix or Linux systems running the vulnerable software.
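One way a set-UID program can avoid trusting ORACLE_HOME, shown as an added example that is not Oracle's code and not part of the original advisory: the invoker's value is ignored whenever the process runs with elevated IDs, and a directory is accepted only if untrusted users cannot write to it. The function names and the built-in path are hypothetical.

```c
/* Added example (not Oracle code): resolving a home directory safely in a
 * set-UID program. All names and the fallback path are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define BUILTIN_HOME "/opt/example/oracle"   /* constructed placeholder */

/* True when the process runs with more privilege than its invoker. */
static int is_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* An elevated process must not let the invoker choose the directory. */
static const char *pick_home(const char *env_value, int elevated,
                             const char *builtin)
{
    if (elevated || env_value == NULL || env_value[0] != '/')
        return builtin;
    return env_value;
}

/* Accept a directory only if its owner is trusted and nobody else can
 * write to it; lstat() refuses a symlink standing in for the directory. */
static int dir_is_safe(const char *path, uid_t trusted_owner)
{
    struct stat st;

    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != 0 && st.st_uid != trusted_owner)
        return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

int main(void)
{
    int elevated = is_elevated(getuid(), geteuid(), getgid(), getegid());
    const char *home = pick_home(getenv("ORACLE_HOME"), elevated, BUILTIN_HOME);

    if (!dir_is_safe(home, geteuid())) {
        fprintf(stderr, "refusing untrusted home: %s\n", home);
        return 1;
    }
    printf("using home: %s\n", home);
    return 0;
}
```

This check covers only the final directory; a fuller version would apply the same test to every parent directory on the path.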
Affected Products:
- Oracle Oracle8 8.1.6
- Oracle Oracle8 8.1.7