Oracle Articles, Oracle Tools, Oracle Tips, Database Articles and DBA Tips  

The Largest Online Resource for Oracle Articles, Oracle Tips, Oracle Scripts & Oracle Tools!!


Enter your Email:
 
Navigate at FreeMegaZone Home      Articles      Tools      Jobs      Games      Support      Submit Content      Advertise
Advertise at http://www.articles.freemegazone.com

Advertise at FreeMegaZone

Give tremendous boost to your business by advertising at FreeMegaZone. Contact webmaster@freemegazone.com
 

Rating: *****                                             Rate this article:    

 Author: Jim Milton

Page: 1 2 3

Some little known features in 11g can give anyone with DBA or IMP_FULL_DATABASE rights the ability to run any Operating System command under the same privileges the Oracle processes are running. This can results in a havoc. An attacker might erase files from audit_file_dest, may patch the Oracle binary or make a dedicated server process a SYSDBA one using a debugger.

Destructive Rights:

For this attempt an attacker must have the BECOME USER privilege as well as the execute rights on KUPP$PROC package used by DataPump. These privileges are included in DBA and IMP_FULL_DATABASE roles by default. The IMP_FULL_DATABASE role also has DROP ANY TABLE privileges. Therefore the attacker might already have pretty destructive rights in order to exploit the security flaw.

In modern Oracle versions we assume that a non-SYSDBA DBA can not alter SYS objects, shut down and restart database. A non-SYSDBA DBA can not grant SYSDBA and SYSOPER privileges and can not grant rights on some SYS objects. A non-SYSDBA DBA can not use ORADEBUG or run OS commands using Oracle executable rights.

However these assumptions do not apply to users with DBA or IMP_FULL_DATABASE role, until you fix the issue or revoke the BECOME USER privilege.

Create User:

First we will create a user with IMP_FULL_DATABASE role and will grant only CREATE SESSION privilege to it.

SQL> create user MYTESTUSER identified by MYTESTUSER;
User created.

SQL> grant create session, imp_full_database to MYTESTUSER;
Grant succeeded.

SQL> connect MYTESTUSER/MYTESTUSER@sol01
SQL> col user for a10
SQL> col username for a10
SQL> col cur_user for a10
SQL> col ses_user for a10
SQL> col cur_schema for a10

SQL> select user, username, sys_context('USERENV', 'CURRENT_USER') cur_user,

sys_context('USERENV', 'SESSION_USER') ses_user, sys_context('USERENV', 'CURRENT_SCHEMA') cur_schema from MYUSERS
/

USER USERNAME CUR_USER SES_USER CUR_SCHEMA
---------- ---------- ---------- ---------- ----------
MYTESTUSER MYTESTUSER MYTESTUSER MYTESTUSER MYTESTUSER

If BECOME USER privilege is not active then the following command would fail.

ORA-31625: Schema SYS is needed to import this object, but is unaccessible
ORA-01031: insufficient privileges Continued...

Page: 1 2 3

 More Oracle Articles, Database Articles and DBA Tips
   Database Security: Step by step guideline
   DBA Tips for Oracle Failure to Spawn!!
   Beware of major Oracle Failures: Are you Safe??
   Inside Oracle 11g Virtual Columns!
   Important Concerns related to Oracle Compression!!


FreeMegaZone Jobs!!

 
 
HOME      ABOUT US      SUPPORT      SITE MAP      PRIVACY POLICY      TERMS OF USE      SUBMIT CONTENT      ADVERTISE
Copyright © 2007 - 2010 Oriole Intellect Inc. All rights reserved.

The name Oracle is a trademark of Oracle Corporation. Any other names used on this website may be trademarks of their respective owners