Vulnerability

    Oracle

Affected

    munices

Description

    Gilles Parc discovered a new security problem with Oracle on Unix.
    Once again, it's  with a setuid  program.  Do  not confuse with  a
    similar problem corrected by ORACLE   some month ago with a  patch
    called setuid_patch.sh.

    If you have installed Oracle  Intelligent agent, you will find  in
    $ORACLE_HOME/bin a program called dbsnmp.  This program is  setuid
    root and was DELIBERATELY EXCLUDED by Oracle in the  forementioned
    patch.  The security hole resides  in the fact  that this  program
    executes  a  tcl  script  (  nmiconf.tcl  ) located by default  in
    $ORACLE_HOME/network/agent/config.

    Needless to say that  you can easily bypass this default and  have
    your own malicious nmiconf.tcl script run under root privileges.

    This has been verify on HP-UX 10.20 with  Oracle 7.3.3 and 8.0.4.3
    on AIX 4.3 with Oracle 8.0.5.1, but it's probably Unix generic.

Solution

    Nothing yet.