| VID |
25167 |
| Severity |
40 |
| Port |
1521, ... |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The ORACLE server on the host system sets REMOTE_OS_ROLES to TRUE.
If REMOTE_OS_ROLES is set to TRUE, remote clients can access database by pretending to be the OS's other user.
* Platforms Affected:
UNIX any version
Linux any version
Microsoft Windows any version |
| Recommendation |
Open $Oracle_Home/dbs/SPFILE<SID>.ORA or $Oracle_Home/admin/pfile/init<sid>.ora and add the following.
REMOTE_OS_ROLES=FALSE |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
