CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#118277

The Oracle Internet Directory LDAP (oidldapd) contains buffer overflow

Overview

Oracle Internet Directory version 2.0.6, which ships with Oracle version 8i for Linux (8.1.6), contains a program, oidldapd, that is an LDAP Daemon. There is a buffer overflow in the LDAP Daemon that allows a local user to obtain the euid of the oidldapd process, typically user oracle.

I. Description

There is a buffer overflow in the oidldapd with regard to the "connect" option. Since oidldapd typically runs as user oracle, this vulnerability can be used by local users to obtain euid of user oracle. As a result of the default installation, user oracle owns all database files. An exploit has been published.

II. Impact

All database files can be edited/deleted by a malicious user. A local user can obtain privileges of the oidldapd process, typically oracle.

III. Solution

Oracle encourages all Linux directory developers to upgrade to Oracle Internet Directory, v2.1.1, part of the Oracle 8.1.7 (8i Release 3) server media pack, from http://technet.oracle.com/.

If you use a UFS filesystem, use chmod to set the file permissions to 710 for the oidldapd and oidmon executables. For other filesystems (e.g. AFS) use equivalent settings to restrict access to privileged users only.

Systems Affected

VendorStatusDate Updated
OracleVulnerable12-Jul-2001

References

VU#610904
http://www.securityfocus.com/bid/1828
http://www.securityfocus.com/advisories/2763
http://www.securityfocus.com/archive/1/140709
http://www.securityfocus.com/archive/1/157228
http://xforce.iss.net/static/5401.php
http://metalink.oracle.com

Credit

This vulnerability was first published by Juan Manuel Pascual Escriba in a Plazasite advisory.

This document was written by Jason Rafail.

Other Information

Date Public10/18/2000
Date First Published07/12/2001 04:07:48 PM
Date Last Updated07/12/2001
CERT Advisory 
CVE NameCAN-2000-0987
Metric9.00
Document Revision25

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2001 Carnegie Mellon University