Oracle Security Alert #27
Reference date: 28 December 2001
Vulnerabilities in Oracle9i Application Server Web Cache

Products
Oracle9iAS Web Cache 2.0.0.x

Platforms affected
MS Windows NT/2000 Server
Sun SPARC Solaris
HP-UX
Linux
Compaq Tru64 UNIX

Overview
1. Bug 2114542
   The old Unix installer program created incorrect file permissions on executable and configuration files, allowing:
   - arbitrary local overwrite of files accessible to the oracle user;
   - local privilege escalation to the oracle user;
   - local capture of the webcache admin account.
2. Bug 2108464
   Remote Denial-of-Service (DoS) vulnerability on ports 1100, 4000, 4001, and 4002.
3. Bug 2107007
   Remote DoS vulnerability on port 4000.
4. Bug 2111358
   Remote DoS vulnerability caused by a buffer overflow on Windows 2000 and Windows NT.

Description of the problems
1. Bug 2114542
   It is possible for a non-privileged user to start Oracle9iAS Web Cache by invoking $ORACLE_HOME/webcache/bin/webcached, which is a setuid oracle file. The user could specify environment variables and configuration files that would cause local files to be overwritten and commands to be run as the oracle user. The webcache Administrator password is stored in $ORACLE_HOME/webcache/webcache.xml. This file is
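As an added defensive check (constructed for this page, not part of Oracle's alert or product), the POSIX shell function below audits an installation for the two filesystem conditions described under Bug 2114542: a setuid webcached binary, and a webcache.xml (which holds the Administrator password) that users other than its owner can read or write. The "safe" state it assumes (no setuid bit, owner-only access to webcache.xml) is an assumption, not a statement from the alert.

```shell
#!/bin/sh
# Constructed audit helper for the Bug 2114542 conditions (not Oracle's code).
# Assumed safe state: webcached without the setuid bit; webcache.xml neither
# readable nor writable by group/other.
#
# Usage: audit_webcache_perms "$ORACLE_HOME"
# Prints one line per finding; the return value is the number of findings (0 = clean).

audit_webcache_perms() {
    home="$1"
    bin="$home/webcache/bin/webcached"
    cfg="$home/webcache/webcache.xml"
    problems=0

    # A setuid webcached lets any local user start Web Cache as the oracle user
    # with an environment and configuration of their choosing.
    if [ -f "$bin" ] && [ -u "$bin" ]; then
        echo "FINDING: $bin is setuid"
        problems=$((problems + 1))
    fi

    if [ -f "$cfg" ]; then
        # -perm -040 / -004: group-readable / other-readable (mask bits all set)
        readable=$(find "$cfg" \( -perm -040 -o -perm -004 \) -print)
        if [ -n "$readable" ]; then
            echo "FINDING: $cfg is readable by group or others (stores the admin password)"
            problems=$((problems + 1))
        fi
        # -perm -020 / -002: group-writable / other-writable
        writable=$(find "$cfg" \( -perm -020 -o -perm -002 \) -print)
        if [ -n "$writable" ]; then
            echo "FINDING: $cfg is writable by group or others"
            problems=$((problems + 1))
        fi
    fi

    return "$problems"
}

# Stand-alone use: audit the real installation when ORACLE_HOME is set.
if [ -n "${ORACLE_HOME:-}" ]; then
    audit_webcache_perms "$ORACLE_HOME" || echo "$? finding(s) listed above"
fi
```

Run it as the oracle user after applying the vendor fix to confirm the permissions no longer match the vulnerable pattern.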