| VID |
14099 |
| Severity |
20 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
The permission of trace file and listener log file in ORACLE server on the host system is unsafe. when attackers access listener directly through LSNRCTL tool,attackers can modify all parameters by using set command. In case that parameter modification is possible, attackers can take advantage of this vulnerability by modifying trace file and listener log file.
* Platforms Affected:
UNIX any version
Linux any version |
| Recommendation |
Set the file's permission properly by executing the following command:
# chmod g-w $ORACLE_HOME/network/admin
# chmod o-w $ORACLE_HOME/network/admin |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
