Vulnerability: see below

Affected: Oracle (7x?)

Description:

Matthew G. Harrigan posted the following. The sqlnet client program accepts command-line parameters for username and password. It's something like:

    sqlnet user/password@INSTANCE_NAME

so, in order to gain unauthorized access to the database, all one has to do is grep through the machine's proc list.

On another note, the database authentication mechanism appears to do a regular expression on the account name for /^sys/ before authenticating it, and upon a match, assigning system level access to that account. For example, if your account name is sysdood or sysenor, Oracle assumes you are in fact system, and logs you in as such.

Solution: Nothing yet.
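An added example, not part of the original advisory: a host audit that scans a process listing for arguments in the user/password@INSTANCE form shown above and reports them with the password redacted, so exposed accounts can be found and rotated. The sample listing, the accounts in it and the function name are constructed for illustration; the input is assumed to be in the layout of `ps -eo pid,user,args`.

```python
import re

# Argument shaped like user/password@INSTANCE, the form the advisory shows.
# Assumption: identifiers use letters, digits, _, $ and #.
CRED_ARG = re.compile(
    r"^(?P<user>[A-Za-z][\w$#]*)/(?P<pw>[^\s/@]+)@(?P<inst>[\w.$#-]+)$"
)

# Constructed sample in the layout of `ps -eo pid,user,args` (not real data).
SAMPLE_PS = """\
  PID USER     COMMAND
  101 root     /sbin/init
  412 alice    sqlnet scott/tiger@ORCL
  413 bob      sqlnet
  520 carol    vi /home/carol/notes@work
  633 batch    /bin/sh -c sqlnet sysdood/s3cret@PROD
"""

def find_exposed_credentials(ps_text):
    """Return one finding per process argument that embeds a password."""
    findings = []
    for line in ps_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 3 or not fields[0].isdigit():
            continue
        pid, owner, argv = int(fields[0]), fields[1], fields[2:]
        for arg in argv:
            m = CRED_ARG.match(arg)
            if not m:
                continue
            user, inst = m.group("user"), m.group("inst")
            findings.append({
                "pid": pid,
                "owner": owner,
                "db_user": user,
                "instance": inst,
                # The advisory reports that names beginning with "sys" are
                # treated as system accounts; flag those for priority rotation.
                "sys_prefix": user.lower().startswith("sys"),
                # Never copy the secret itself into the report.
                "redacted": f"{user}/****@{inst}",
            })
    return findings

if __name__ == "__main__":
    for f in find_exposed_credentials(SAMPLE_PS):
        print(f"pid={f['pid']} owner={f['owner']} arg={f['redacted']} "
              f"sys_prefix={f['sys_prefix']}")
```

The pattern is deliberately narrow and can still match unrelated arguments of the same shape, so findings should be confirmed against the owning program before an account is rotated.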