Home page logo
/

bugtraq logo Bugtraq mailing list archives

Oracle 10g DBMS_SCHEDULER SESSION_USER issue
From: Alexander Kornbrust <ak () red-database-security com>
Date: 5 May 2005 11:00:06 -0000



Red-Database-Security GmbH Oracle Security Advisory 


Name               Oracle 10g DBMS_SCHEDULER SESSION_USER issue
Systems Affected   Oracle Database 10g
Severity           Medium Risk
Category           Switch SESSION_USER to SYS
Vendor URL         http://www.oracle.com
Author             Alexander Kornbrust (ak at red-database-security.com)
Date               03 May 2005  (V 1.00)



Description
###########
Every user with CREATE JOB privilege can switch the SESSION_USER to SYS by executing a database job via dbms_scheduler. 
This could cause problems with VPD (virtual private database) or OLS (Oracle label security) and could allow privilege 
escalation.

This issue is not related to the Oracle Critical Patch Update 2005.



More details including testcase available:
##########################################

http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html




Patch Information
#################
This information has been public for months but Oracle never released a security alert for this issue. Applying 
patchset 10.1.0.4 is fixing this issue.



History:
########
07 October 2004 Published at the Oracle Enterprise Server Forum in Metalink





About Red-Database-Security GmbH
#################################
Red-Database-Security GmbH is a specialist in Oracle Security. 

http://www.red-database-security.com


  By Date           By Thread  

Current thread:
  • Oracle 10g DBMS_SCHEDULER SESSION_USER issue Alexander Kornbrust (May 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault