Unix Security Technical Tip

This page offers advice from one of our Senior Database Administrators.

Systems Affected
Oracle RDBMS Version 8.0.3, 8.0.4, 8.0.5 & 8.1.5 - All Unix Platforms

Problem Description
Possible security breach through Oracle executables with the setuid bit enabled being overwritten. Your system may be exposed to a security vulnerability that may allow a local intruder to create, append to, or overwrite privileged Oracle files. The vulnerabilities may also allow intruders to execute commands as the Oracle user.

The vulnerability relates to several administrative utilities shipped with the above versions of Oracle. These utilities are owned by the Oracle user and have the setuid bit enabled.

Solution
Oracle has released a patch to fix this vulnerability, which contains bug numbers 701297 and 714293. The patch should be applied to your system immediately. Details can be found via Alert Reference Note: 69879.1

Unlimited Solutions recommends that all sites running Unix systems regularly interrogate their systems to identify setuid programs.
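
One way to run such a regular check is sketched below as an added example; it is not part of the original advisory and is not an Oracle-supplied script. The function names, the baseline file and the `oracle` account name in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: inventory setuid/setgid files and report any that are not
# in a previously saved baseline. Function names are hypothetical.

# list_setid DIR [OWNER]
# Print "mode uid path" for every regular file under DIR that has the
# setuid or setgid bit set, optionally only files owned by OWNER
# (user name or numeric uid). Output is sorted for use with comm.
list_setid() (
    dir=$1
    owner=${2:-}
    LC_ALL=C; export LC_ALL      # fixed ls column layout and sort order
    if [ -n "$owner" ]; then
        set -- -user "$owner"
    else
        set --
    fi
    # -xdev keeps the scan on one filesystem; ls -n prints numeric ids so
    # the column positions parsed by awk cannot shift.
    find "$dir" -xdev -type f "$@" \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ldn {} + 2>/dev/null |
    awk '{ p = $9; for (i = 10; i <= NF; i++) p = p " " $i
           print $1, $3, p }' | sort
)

# new_setid BASELINE_FILE CURRENT_FILE
# Print entries present in CURRENT_FILE but not in BASELINE_FILE: a new
# setuid/setgid file, or one whose mode or owner has changed.
new_setid() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Stand-alone use (assumed account name "oracle"):
#   sh setid_audit.sh "$ORACLE_HOME" oracle > setid.now
if [ "$#" -gt 0 ]; then
    list_setid "$@"
fi
```

Save the first run as the baseline after the patch is applied, then compare later runs against it with `new_setid` and investigate every line it prints.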

If you need assistance applying this patch, or with any other Oracle database administration or security issue, please contact Unlimited Solutions Pty. Ltd.

The information provided on this page is provided free of charge and is accurate to the best of our knowledge and experience but must not be taken as professional advice and is not guaranteed in any way.

