| VID |
25165 |
| Severity |
20 |
| Port |
1521, ... |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
Audit Table of ORACLE server on the host system does not belong to database administrator account. Audit Table must belong to database administrator account such as SYS, SYSTEM. Otherwise, unauthorised user can modify or delete audit data.
* Platforms Affected:
UNIX any version
Linux any version
Microsoft Windows any version |
| Recommendation |
Delete the permission to access Audit Table from unauthorised user by executing the following command:
SQL> REVOKE ALL ON SYS.AUD$ FROM <account>; |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
