October 25, 2001

Oracle trace collection security vulnerability

Author: JT Smith

"A potential security vulnerability has been discovered in the
handling of the environment variable, ORACLE_HOME. A buffer
overflow is caused when the Oracle binary, otrcrep, translates the
environment variable, ORACLE_HOME, into a string of 240 or more
bytes. The Oracle binary otrcrep runs with the SETUID oracle
privileges in the operating system DBA group. The buffer overflow
may be exploited by a local user to force overwriting of stack
variables in shared memory including the return memory address(es)
and thereby execute arbitrary (or specific, malicious) code with
the privileges of the oracle user and/or the DBA group privileges." Details at Help Net Security.
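
The bug class described in the advisory, shown from the defensive side as an added example (not Oracle's code and not part of the advisory): a privileged program treats the environment as untrusted input and checks the length before copying it into a fixed buffer. The function name, the return codes and the 240-byte buffer size, chosen to echo the figure quoted above, are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HOME_BUF 240 /* assumed buffer size, echoing the advisory's 240-byte figure */

enum home_status { HOME_OK = 0, HOME_UNSET, HOME_TOO_LONG, HOME_NOT_ABSOLUTE };

/* Unsafe pattern, for contrast only (not compiled):
 *     char buf[HOME_BUF];
 *     strcpy(buf, getenv("ORACLE_HOME"));
 * Any value of HOME_BUF bytes or more is written past the end of buf.
 * In a SETUID binary the caller controls the environment, so the
 * overwrite happens with the file owner's privileges. */

/* Hardened copy (hypothetical helper): accept the value only if it is set,
 * fits in out including the terminating NUL, and is an absolute path. */
enum home_status copy_home(const char *val, char *out, size_t outlen)
{
    if (val == NULL || outlen == 0)
        return HOME_UNSET;

    /* Look for the terminator within the first outlen bytes only,
     * so an oversized value is detected without reading all of it. */
    const char *end = memchr(val, '\0', outlen);
    if (end == NULL)
        return HOME_TOO_LONG;

    if (val[0] != '/')
        return HOME_NOT_ABSOLUTE;

    memcpy(out, val, (size_t)(end - val) + 1); /* length already checked */
    return HOME_OK;
}

int main(void)
{
    char home[HOME_BUF];
    enum home_status st = copy_home(getenv("ORACLE_HOME"), home, sizeof home);

    if (st != HOME_OK) {
        fprintf(stderr, "ORACLE_HOME rejected (status %d)\n", (int)st);
        return 1; /* fail closed instead of truncating or overflowing */
    }
    printf("using ORACLE_HOME=%s\n", home);
    return 0;
}
```
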

