Title: Oracle DBSNMP Oracle Home Environment Variable Buffer Overflow
Severity: HIGH
Description:
Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation.
A problem in dbsnmp has been discovered that can allow a local user to gain elevated privileges. The problem is in the handling of the $ORACLE_HOME environment variable by dbsnmp.
When executed, the dbsnmp program checks the environment for the existance of the $ORACLE_HOME variable, from which it loads various dependencies for operation.
Upon filling the $ORACLE_HOME environment variable with 750 bytes, a buffer overflow in dbsnmp occurs. Since dbsnmp is installed with the Oracle suite as an SUID root program, this buffer overflow may be used to overwrite stack variables, including the return address, and execute code with root privileges.
To exploit this vulnerability, a user must be in the oracle group.
Affected Products:
- Oracle Oracle8 8.0.6
- Oracle Oracle8 8.1.6
- Oracle Oracle8 8.1.7
- Oracle Oracle9i Standard Edition 9.0.0
- Oracle Oracle9i Standard Edition 9.0.1
References:
- Oracle: Oracle Security Alert #23
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
