Red-Database-Security GmbH is specialized in Oracle SecurityProductsRepscan 2.5 Hedgehog Enterprise Checkpwd (free)
Services
Information
Company
|
Oracle Forms Insecure Temporary File Handling
Details If the number of records in a Oracle Forms application retrieved from the database exceeds the parameter "buffered records" Oracle Forms will create a temp file located in the temp directory of the application server. This temp file contains an unencrypted copy of the database table used in the Forms application (e.g. creditcard). The default permission for these temp files (format: AAAa Example ls -la /tmp -rw-rw-r-- 1 oracle oinstall 47600 Aug 17 20:30 AAAa15400.TMP Workaround Set the environment variable TMP, TEMP and TMPDIR to a secure location. It depends on the OS of the application server what environment variable will be used. Delete old AAA* files on a regular basis. Patch Information Apply patches for the application server mentioned in Metalink Note 311038 . History 19-aug-2003 Oracle secalert was informed 20-aug-2003 Bug confirmed 12-jul-2005 Oracle published Oracle Critical Patch Update July 2005 13-jul-2005 Red-Database-Security published this advisory © 2005 by Red-Database-Security GmbH - last update 04-nov-2005 |
Oracle HTMLDB |