| Field | Value |
|---|---|
| VID | 25051 |
| Severity | 30 |
| Port | 1521, ... |
| Protocol | TCP |
| Class | DB |
| Detailed Description | The Oracle Database server, judging by its version number, is affected by a Fine Grained Audit (FGA) logging failure. Oracle8i 8.1.7, Oracle9i and Oracle 10g Database Servers could allow a remote attacker to disable Fine Grained Audit (FGA). FGA does not work when the user SYS runs a SELECT statement: if SYS runs a SELECT against a table, that statement is not audited, and subsequent SELECTs against the same table issued by other users are not audited either. This results in a false sense of security. Note: this check relies solely on the version number of the remote Oracle Database server to assess the vulnerability, so it may be a false positive. References: http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html and http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0076.html. Platforms Affected: Oracle Oracle8i Database Server 8.1.7; Oracle Oracle9i Database Server (any version); Oracle Oracle10g Database Server (any version); any operating system (any version). |
| Recommendation | For Oracle 8i and 9i: no upgrade or patch is available as of June 2005. For Oracle 10g: apply patchset 10.1.0.4 when it becomes available from the Oracle Database Server Patch Sets web page at http://www.oracle.com/technology/support/patches.htm. As a workaround, do not run SQL against FGA-protected objects as user SYS. For details, see Red Database Security VU#3777773 at http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html |
| Related URL | CVE-2005-1495 (CVE) |
| Related URL | 13510 (SecurityFocus) |
| Related URL | 20407 (ISS) |