Oracle XML DB FTP service may incorrectly perform login audit trails in some circumstances. Attackers may exploit this issue to hide or obfuscate actual attack traces.
Credit:
The information has been provided by David Litchfield.
The original article can be found at:
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ftp-service/
Vulnerable Systems:
* Oracle 9iR2, 10g Release 1
When a user attempts to log in via the XDB FTP service, the audit trail shows an incorrect entry for USERID. This can present two subtle problems.
Firstly, if a user logs in as SYSTEM, the USERID column only shows SYSTE - only 5 characters.
The second problem is that if the same user then attempts to log in as user FOO, FOOTE is logged in the USERID column - the TE coming from the TE of SYSTE[M], the previous login. This only happens on the same connected TCP circuit; as such, all audit entries have the same SESSIONID.
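The following is an added example, not code from the advisory or from Oracle. It models the behaviour described above as a fixed-width buffer that is reused across logins on one TCP circuit without being cleared (the 5-byte width and the buffer-reuse mechanism are assumptions made to reproduce the SYSTE / FOOTE pattern), shows the corrected per-login behaviour beside it, and then runs a review check over constructed audit rows that flags USERID values which are not real users and suggests which real user could have produced them given the previous entry in the same SESSIONID.

```python
"""Model of the XDB FTP audit USERID defect plus a defender's audit-trail check.

Constructed example: the buffer width, the reuse mechanism and the sample
audit rows are assumptions, not taken from Oracle's implementation.
"""

USERID_WIDTH = 5  # assumption: the defective path keeps only 5 bytes


def buggy_audit_userid(buffer: bytearray, username: str) -> str:
    """Write the login name into a buffer shared across logins on the same
    TCP circuit without clearing it: names longer than the width are
    truncated, shorter names leave stale trailing bytes from the previous
    login in place (SYSTEM -> SYSTE, then FOO -> FOOTE)."""
    data = username.encode("ascii")[:USERID_WIDTH]
    buffer[:len(data)] = data
    return buffer.decode("ascii").rstrip()


def simulate_buggy_session(logins):
    """Audit USERID values a single TCP circuit would record under the defect."""
    buf = bytearray(b" " * USERID_WIDTH)  # one buffer for the whole circuit
    return [buggy_audit_userid(buf, user) for user in logins]


def simulate_fixed_session(logins):
    """Corrected behaviour: each login gets a fresh, full-length record."""
    return [str(user) for user in logins]


def candidate_real_users(logged, previous, known_users, width=USERID_WIDTH):
    """Known user names that could have produced `logged`, given the USERID
    recorded just before it in the same session (or None)."""
    out = []
    for name in known_users:
        if len(name) >= width:
            # Long names are simply truncated.
            if logged == name[:width]:
                out.append(name)
        else:
            # Short names keep the tail of the previous entry.
            stale = previous[len(name):] if previous else ""
            if logged in (name + stale, name):
                out.append(name)
    return out


def audit_trail_findings(rows, known_users):
    """rows: (SESSIONID, USERID) tuples in time order, as pulled from the
    audit trail. Returns (index, USERID, candidate real users) for every
    USERID that is not a known user, tracking the previous entry per
    SESSIONID because the contamination only crosses logins on one circuit."""
    last_by_session = {}
    findings = []
    for i, (sid, uid) in enumerate(rows):
        if uid not in known_users:
            prev = last_by_session.get(sid)
            findings.append((i, uid, candidate_real_users(uid, prev, known_users)))
        last_by_session[sid] = uid
    return findings


# Constructed sample data: two logins on circuit 101, one on circuit 102.
KNOWN_USERS = ["SYSTEM", "FOO", "SCOTT"]
SAMPLE_ROWS = [
    (101, "SYSTE"),   # SYSTEM truncated to the buffer width
    (101, "FOOTE"),   # FOO plus the stale "TE" from SYSTE[M]
    (102, "FOO"),     # fresh circuit, nothing stale to inherit
]

if __name__ == "__main__":
    print("buggy:", simulate_buggy_session(["SYSTEM", "FOO"]))
    print("fixed:", simulate_fixed_session(["SYSTEM", "FOO"]))
    for idx, uid, cands in audit_trail_findings(SAMPLE_ROWS, KNOWN_USERS):
        print(f"row {idx}: USERID {uid!r} is not a known user; could be {cands}")
```

The check deliberately groups by SESSIONID rather than by time alone, because the advisory states the carry-over only occurs within one connected TCP circuit; a USERID that matches no real account and is explained by the previous entry in the same session is the signature to look for when reconciling FTP logins against the audit trail.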
Vendor Status:
Oracle was alerted to this flaw on the 9th of March 2006. A patch has now been made available:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html