DBAsupport.com Forums - Powered by vBulletin
Results 1 to 3 of 3

Thread: Oracle Listener Security

  1. 09-28-2001, 01:24 PM #1
    ocp2b
    ocp2b is offline Member
    Join Date
    Sep 2001
    Posts
    163
    I have been told that there is an Oracle Listener security problem. The metalink doc is 124742.1. Here is a cut/paste from the Description area on the metalink doc:

    *******
    A security vulnerability in the listener program of the Oracle Enterprise Server
    has been discovered.
    Using this vulnerability, a knowledgeable and malicious attacker can potentially
    gain a higher level of access to the Oracle owner account and Oracle databases
    and introduce malicious code into various operating systems.

    The commands SET LOG_FILE and SET TRC_FILE allow the log and trace files,
    respectively, to which the listener program writes, to be modified dynamically
    while the listener program is running. The listener program can be configured
    to append and/or overwrite logging and tracing information to any operating
    system file that can be written by the Oracle owner, such as an alert file or
    a database file, and thereby corrupt an Oracle database and potentially
    introduce malicious code into the operating system.

    *********

    Has anyone else had any problems related to this issue? None of the other dba's where I work know of any problems we experienced because of this issue and I am hesitant to install the patch if I can't duplicate/verify the problem. I mean if I can't duplicate/verify the problem, how can I be sure the patch I am applying solved the problem.
    Reply With Quote Reply With Quote
  2. 09-28-2001, 02:32 PM #2
    jmodic
    jmodic is offline Super Moderator
    Join Date
    Dec 2000
    Location
    Ljubljana, Slovenia
    Posts
    4,439
    What do you mean by "I can't duplicate/verify the problem" - sure you can, it is very easy. I just did it myself:

    While your database and listener are running, start LSNRCTL and use SET LOG_FILE command to set your listener log file destination to one of the vital database files owned by Oracle. I did redirect it to one of my controlfiles and that controlfile immediately got corrupted - listener appended some text to it immediately. Of course the database wouldn't start again with this controlfile.

    So after you apply the required patch(es) and setting ADMIN_RESTRICTIONS_LISTENER=ON you shouldn't be allowed to change the LOG_FILE or TRACE_FILE with SET command at runtime.
    Jurij Modic
    ASCII a stupid question, get a stupid ANSI
    24 hours in a day .... 24 beer in a case .... coincidence?
    Reply With Quote Reply With Quote
  3. 09-28-2001, 04:14 PM #3
    ocp2b
    ocp2b is offline Member
    Join Date
    Sep 2001
    Posts
    163
    Thanks. Your explaination made more sense to me than Oracle's explanation.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Click Here to Expand Forum to Full Width