Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> [PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache

[PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache

From: <Jared.Still_at_radisys.com>
Date: Mon, 07 Jan 2002 14:14:26 -0800
Message-ID: <F001.003E8F14.20020107134520@fatcity.com> 






FYI






                           PenTest Limited
                       www.pentest-limited.com
                          Security Advisory

                Vulnerabilities in Oracle9iAS Web Cache

Author: Mark Rowe <mark.rowe_at_pentest-limited.com>
        Pete Finnigan <pete.finnigan_at_pentest-limited.com>


Date: 7th January 2002


Reference: ptl-2002-01





Overview:



This advisory describes multiple vulnerabilities in Oracle9iAS Web Cache
that allow an attacker with local access to overwrite any files
accessible to "oracle" user,  gain "oracle" user privileges and capture
the password of the Web Cache admin account.



Description:



It is possible for non privileged user to start Web Cache by invoking
$ORACLE_HOME/webcache/bin/webcached and either create or overwrite any
"oracle" owned file as the result of the setuid bit "oracle". By
starting $ORACLE_HOME/webcache/bin/webcached with the -A option it is
also possible to run commands as the "oracle" user. This can be achieved
by modification of local environment variables and Web Cache
configuration files.



As part of the functionality offered by Web Cache it is possible to
locally and remotely administer the Web Cache application. Normally,
access is restricted (a username and password are required). The Web
Cache administrator passwords are stored in $ORACLE_HOME/webcache/webcac
he.xml. This file is readable by world and contains the "encrypted"
password for the administrator accounts. The encryption was found to be
weak. It may also be possible to gain access to the administrator
accounts if the default passwords have not been changed.



Test Environment:



These vulnerabilities have been tested on Oracle 9iAS version 1.0.2.2.1
installed on Sun Solaris 2.8. Other versions may also be vulnerable.




Recommendations:



Apply vendor patches.



Vendor Status:



The vendor has issued a bulletin and made patches available on this
issue. See



http://otn.oracle.com/deploy/security/pdf/webcache2.pdf













-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: 


  INET: Jared.Still_at_radisys.com


Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Mon Jan 07 2002 - 16:14:26 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US