Oracle Database Server contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary operating system commands with the privileges of the database server process. Updates are not available.
Description
Oracle Database Server contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary operating system commands with the privileges of the database server process.
The vulnerability is due to a security weakness in the JAVA_ADMIN role. An attacker who holds the JAVA_ADMIN role and also has the privilege to create procedures could exploit the vulnerability to run arbitrary commands on the underlying operating system with the privileges of the database server process. Code execution at that level could allow the attacker to escalate privileges to those of OSDBA, the operating system group whose members can connect to the database as SYSDBA.
Functional exploit code is publicly available.
Oracle has not confirmed this vulnerability and updated software is not available.
Warning Indicators
Oracle Database Server version 10.2.0.3 is vulnerable. Other versions may also be affected.
IntelliShield Analysis
The JAVA_ADMIN role may appear to be a low-privileged role, but when it is combined with the privilege to create procedures it can be used to create script files and run them on the underlying operating system. Any such code execution takes place with the privileges of the database server process and could result in a full compromise of the affected database.
Vendor Announcements
Vendor announcements are not available.
Impact
An authenticated, remote attacker with the JAVA_ADMIN role and the privilege to create procedures could execute arbitrary commands on the underlying operating system with the privileges of the database server process. This action could allow the attacker to escalate privileges to OSDBA.
Technical Information
The vulnerability exists because the JAVA_ADMIN role, combined with the privilege to create procedures, allows an attacker to create script files on the underlying operating system and obtain the privileges needed to execute them.
An authenticated, remote attacker could use this access to run a command that changes the OSDBA password to a known value, which could allow privilege escalation to OSDBA.
Safeguards
Administrators are advised to contact the vendor regarding future updates and releases.
Administrators are advised to grant the JAVA_ADMIN role, and the privilege to create procedures alongside it, only to trusted users.
Administrators are advised to monitor affected systems for signs of suspicious activity, in particular new grants of JAVA_ADMIN or of procedure-creation privileges.
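As an added check that is not part of the original alert and not Oracle's own code: the following SQL, run as a DBA, lists the database users who hold both JAVA_ADMIN and a procedure-creation privilege (the combination the alert describes), reviews the Java permissions already granted in the Java policy table (which JAVA_ADMIN is able to update; the assumption made here is that file and runtime permissions are the ones relevant to writing and running scripts), and enables auditing of the grants and procedure creation that would precede such use. View, column and audit-option names are those of the standard Oracle 10g data dictionary; the excluded grantees and the set of audit options are assumptions to adapt to the environment.

```sql
-- Added example (not from the Cisco alert or from Oracle): audit the
-- JAVA_ADMIN + CREATE PROCEDURE combination and the surrounding activity.
-- Run as a DBA. Uses only standard 10g dictionary views; role grants are
-- followed through nested roles with CONNECT BY, which 10g supports.

-- 1. Users who hold JAVA_ADMIN and a procedure-creation privilege,
--    whether granted directly or through another role (e.g. RESOURCE
--    carries CREATE PROCEDURE in 10g).
WITH java_admin_holders AS (
  SELECT DISTINCT grantee
    FROM dba_role_privs
   START WITH granted_role = 'JAVA_ADMIN'
  CONNECT BY NOCYCLE granted_role = PRIOR grantee
),
create_proc_holders AS (
  -- direct grantees of the privilege (users or roles) ...
  SELECT grantee
    FROM dba_sys_privs
   WHERE privilege IN ('CREATE PROCEDURE', 'CREATE ANY PROCEDURE')
  UNION
  -- ... plus everyone who reaches it through a role chain
  SELECT DISTINCT grantee
    FROM dba_role_privs
   START WITH granted_role IN (SELECT grantee
                                 FROM dba_sys_privs
                                WHERE privilege IN ('CREATE PROCEDURE',
                                                    'CREATE ANY PROCEDURE'))
  CONNECT BY NOCYCLE granted_role = PRIOR grantee
)
SELECT u.username, u.account_status
  FROM dba_users u
  JOIN java_admin_holders  j ON j.grantee = u.username
  JOIN create_proc_holders p ON p.grantee = u.username
 ORDER BY u.username;

-- 2. Java permissions already present in the policy table that let code
--    running inside the database JVM touch the file system or spawn
--    processes. SYS and PUBLIC receive a set of these by default
--    (assumption: anything held by another grantee deserves review).
SELECT grantee, type_name, name, action, enabled
  FROM dba_java_policy
 WHERE kind = 'GRANT'
   AND type_name IN ('java.io.FilePermission', 'java.lang.RuntimePermission')
   AND grantee NOT IN ('SYS', 'PUBLIC')
 ORDER BY grantee, type_name, name;

-- 3. Record future grants of roles/system privileges, creation of
--    procedures, and use of DBMS_JAVA (the package through which Java
--    permissions are granted). Requires AUDIT_TRAIL to be set to DB or OS.
AUDIT SYSTEM GRANT BY ACCESS;
AUDIT PROCEDURE BY ACCESS;
AUDIT EXECUTE ON sys.dbms_java BY ACCESS;

-- 4. Review what the audit options above have recorded. ACTION_NAME values
--    come from the AUDIT_ACTIONS table; DBMS_JAVA calls are matched by object.
SELECT timestamp, username, userhost, action_name, owner, obj_name, returncode
  FROM dba_audit_trail
 WHERE action_name IN ('SYSTEM GRANT', 'GRANT ROLE', 'CREATE PROCEDURE')
    OR obj_name = 'DBMS_JAVA'
 ORDER BY timestamp DESC;
```

Query 1 is the one to run first: an empty result means no user currently has the combination the alert warns about, and any row it does return is a candidate for revoking one of the two grants. Query 2 catches the case where a JAVA_ADMIN holder has already used the role, since permissions granted through the policy table persist after the role itself is revoked.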
The security vulnerability applies to the following combinations of products.
Primary Products:
Oracle Corporation
Oracle Database Server 10g
10.2.0.3
Associated Products:
N/A
Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service.
This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment. Cisco is pleased to offer a free trial of the service.
To register for full access, please visit the IntelliShield trial registration page.
LEGAL DISCLAIMER The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.