
List:       bugtraq
Subject:    Oracle 10g DBMS_SCHEDULER SESSION_USER issue
From:       Alexander Kornbrust <ak () red-database-security ! com>
Date:       2005-05-05 11:00:06
Message-ID: 20050505110006.25926.qmail () www ! securityfocus ! com



Red-Database-Security GmbH Oracle Security Advisory 


Name               Oracle 10g DBMS_SCHEDULER SESSION_USER issue
Systems Affected   Oracle Database 10g
Severity           Medium Risk
Category           Switch SESSION_USER to SYS
Vendor URL         http://www.oracle.com
Author             Alexander Kornbrust (ak at red-database-security.com)
Date               03 May 2005  (V 1.00)



Description
###########
Every user with CREATE JOB privilege can switch the SESSION_USER to SYS by executing
a database job via dbms_scheduler. This could cause problems with VPD (virtual
private database) or OLS (Oracle label security) and could allow privilege
escalation.

This issue is not related to the Oracle Critical Patch Update 2005.



More details, including a test case, are available:
###################################################

http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html





Patch Information
#################
This information has been public for months, but Oracle never released a security
alert for this issue. Applying patchset 10.1.0.4 fixes this issue.
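
Added example, not part of the original advisory: Oracle SQL a DBA can run to check the patch level against 10.1.0.4 and to list which accounts hold CREATE JOB, directly or through nested roles. It assumes SELECT access to V$VERSION and the standard DBA_* dictionary views; <grantee> is a placeholder.

```sql
-- 1. Patch level: compare the reported version with patchset 10.1.0.4.
SELECT banner
FROM   v$version
WHERE  banner LIKE 'Oracle%';

-- 2. Every grantee that ends up with CREATE JOB, walking role grants upward.
--    Start at direct grants of the privilege, then follow each role to
--    whoever was granted that role (roles can be nested).
SELECT DISTINCT
       g.grantee,
       CASE
         WHEN u.username IS NOT NULL THEN 'USER'
         WHEN g.grantee = 'PUBLIC'   THEN 'PUBLIC (all users)'
         ELSE 'ROLE'
       END AS grantee_type,
       u.account_status
FROM  (SELECT grantee
       FROM  (SELECT grantee, granted_role AS held
              FROM   dba_role_privs
              UNION ALL
              SELECT grantee, privilege AS held
              FROM   dba_sys_privs
              WHERE  privilege = 'CREATE JOB')
       START WITH held = 'CREATE JOB'
       CONNECT BY PRIOR grantee = held) g
LEFT JOIN dba_users u
       ON u.username = g.grantee
ORDER BY grantee_type, g.grantee;

-- 3. Scheduler jobs that already exist, with the account that created them,
--    so jobs created by accounts that should not hold CREATE JOB can be reviewed.
SELECT owner, job_name, job_creator, job_type, enabled
FROM   dba_scheduler_jobs
ORDER BY job_creator, owner, job_name;

-- 4. On systems that cannot yet be patched, remove the privilege from
--    accounts that do not need it (replace the placeholder):
-- REVOKE CREATE JOB FROM <grantee>;
```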



History:
########
07 October 2004	Published at the Oracle Enterprise Server Forum in Metalink





About Red-Database-Security GmbH
#################################
Red-Database-Security GmbH is a specialist in Oracle Security. 

http://www.red-database-security.com

