Oracle XMLDB FTP Service Audit Log Vulnerability
------------------------------------------------------------------------
SUMMARY
The Oracle XML DB FTP service may record login audit trail entries incorrectly in
some circumstances. Attackers may exploit this issue to hide or obfuscate
actual attack traces.
DETAILS
Vulnerable Systems:
* Oracle 9i Release 2, 10g Release 1
When a user attempts to log in via the XDB FTP service, the audit trail
shows an incorrect entry for USERID. This can present two subtle problems.
Firstly, if a user logs in as SYSTEM, the USERID column only shows SYSTE
- only 5 characters.
The second problem is that if the same user then attempts to log in as
user FOO, FOOTE is logged in the USERID column - the TE coming from
the TE of SYSTE[M], the previous login. This only happens on the same
connected TCP circuit; as such, all affected audit entries have the same SESSIONID.
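The following model is added here and is not part of the NGSSoftware advisory or of Oracle's code. It reproduces the two observations above under one assumption consistent with both: a per-connection USERID buffer of fixed width (5 characters here, an assumed value chosen to match SYSTE) that is not cleared between logins on the same TCP connection. Beside it is a corrected writer and a check an auditor can run over exported audit rows, which flags USERID values that match no known account and, within one SESSIONID, explains them as truncation or as residue of the previous entry. All account names and session ids are constructed sample data.

```python
"""Model of the XDB FTP audit USERID defect and a detector for its symptoms.

Added example, not Oracle or NGSSoftware code. USERID_WIDTH = 5 is an
assumption that reproduces the advisory's SYSTE / FOOTE observations.
"""
from typing import Dict, List, Optional, Set

USERID_WIDTH = 5  # assumption: fixed-width buffer, reproduces "SYSTE"


class BuggyAuditWriter:
    """Per-TCP-connection logger whose USERID buffer is never cleared.

    Only as many cells as the new name has are overwritten, so the tail
    of the previous login leaks into the next entry on the same connection.
    """

    def __init__(self, session_id: int) -> None:
        self.session_id = session_id
        self._buf = [" "] * USERID_WIDTH

    def login(self, username: str) -> Dict[str, object]:
        for i, ch in enumerate(username[:USERID_WIDTH]):
            self._buf[i] = ch
        return {"SESSIONID": self.session_id, "USERID": "".join(self._buf).strip()}


class FixedAuditWriter:
    """Corrected logger: records the full name, nothing carried over."""

    def __init__(self, session_id: int) -> None:
        self.session_id = session_id

    def login(self, username: str) -> Dict[str, object]:
        return {"SESSIONID": self.session_id, "USERID": username}


def simulate_session(writer_cls, session_id: int, names: List[str]) -> List[Dict[str, object]]:
    """Run several logins over one connection and collect the audit rows."""
    writer = writer_cls(session_id)
    return [writer.login(name) for name in names]


def audit_anomalies(rows: List[Dict[str, object]], known_accounts: Set[str]) -> List[Dict[str, object]]:
    """Flag USERID values that match no known account.

    For each flagged row report which known accounts it could be a
    truncation of, and whether it looks like a known account followed by
    the tail of the previous USERID in the same SESSIONID (residue).
    """
    findings: List[Dict[str, object]] = []
    prev_by_session: Dict[object, str] = {}
    for row in rows:
        sid, uid = row["SESSIONID"], str(row["USERID"])
        if uid not in known_accounts:
            truncation_of = sorted(a for a in known_accounts if a.startswith(uid) and a != uid)
            residue_from: Optional[str] = None
            prev = prev_by_session.get(sid)
            if prev is not None:
                # Shortest known account that is a prefix of the odd USERID and
                # whose remainder equals the end of the previous entry.
                for acct in sorted(known_accounts, key=len):
                    rest = uid[len(acct):]
                    if uid.startswith(acct) and rest and prev.endswith(rest):
                        residue_from = acct
                        break
            findings.append({
                "SESSIONID": sid,
                "USERID": uid,
                "truncation_of": truncation_of,
                "residue_from": residue_from,
            })
        prev_by_session[sid] = uid
    return findings


if __name__ == "__main__":
    accounts = {"SYSTEM", "SYS", "FOO", "SCOTT"}  # constructed sample accounts
    bad_rows = simulate_session(BuggyAuditWriter, 1001, ["SYSTEM", "FOO"])
    for finding in audit_anomalies(bad_rows, accounts):
        print(finding)
    good_rows = simulate_session(FixedAuditWriter, 1002, ["SYSTEM", "FOO"])
    print("anomalies after fix:", audit_anomalies(good_rows, accounts))
```

Running the block prints two findings for the buggy session, SYSTE as a truncation of SYSTEM and FOOTE as FOO plus residue from SYSTE, and none for the corrected writer. In a real review the same check can be applied to exported audit rows grouped by SESSIONID, since the advisory notes the residue only crosses logins on one connection.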
Vendor Status:
Oracle was alerted to this flaw on the 9th of March 2006. A patch has now
been made available:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html
ADDITIONAL INFORMATION
The information has been provided by David Litchfield <davidl@ngssoftware.com>.
The original article can be found at:
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ftp-service/
========================================
This bulletin is sent to members of the SecuriTeam mailing list.