Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20694
HistoryOct 14, 2008 - 12:00 a.m.

CREATE ANY DIRECTORY to SYSDBA

2008-10-1400:00:00
vulners.com
30

I have found a serious privilege escalation in the Oracle DB that raises a lower privileged user with
CREATE ANY DIRECTORY to that of SYSDBA by directly overwriting the hidden binary password file with a
known binary password file via UTL_DIR. Full discussion of how to defend and respond to this are
included and YES Oracle have been forewarned.
All Oracle DB folks should read this ASAP.
http://www.oracleforensics.com/wordpress/index.php/2008/10/10/create-any-directory-to-sysdba/