COMMAND

	Oracle local DoS

SYSTEMS AFFECTED

	Oracle 8.0.x, 9.0.x, 9.0.1

PROBLEM

	In MSNBC report [http://www.msnbc.com/news/668334.asp] :
	

	The  Oracle  database  server  has  a  security  vulnerability  on  Unix
	operating systems. The problem occurs when a  non-privileged  user  like
	“nobody” runs the Oracle executable which has a  SETUID  bit.  This  can
	result  in  the  non-privileged  user  overwriting  Oracle  log   files,
	creating  new  files,  and/or  changing  the   ORACLE_HOME   environment
	variable.

SOLUTION

	remove the execute permissions for the ‘other’ group: %chmod o-x  oracle