Database Reference
In-Depth Information
6.
Network admins
- who have the ability to capture network traffic and act as a man in the
middle to effectively monitor both SAs and DBAs.
7.
Datacenter operatives
- their physical access to the server results in very high security
sensitivity; they will be monitored by CCTV while working.
These seven functional groups are required to be seperated in terms of their privileges, and normally in terms of
their professional and social communications, so that relations are kept to the professional level required to achieve
the business objectives, and do not lax into informal arrangements. The reason for this is to prevent the collusion
between members of separate teams that enables privilege escalation.
DBMS_ADVISOR Directory Privileges
Now that we have laid the groundwork, we can move on to the first vulnerability, which represents a privilege
escalation from a monitoring function to OS software access (from group 1 to 5 in our model). Escalating from the
DB to the OS is particularly sensitive in 12c as there will be a number of PDBs sharing the same OS-based
security-sensitive files (spfile, password file, listener.ora, sqlnet.ora, config.c, and OS audit trail, etc.). Escalating from
one container to the OS effectively breaches all the containers.
This first vulnerability arises from the number of directories that 12c has been released with (please note that
Oracle have been informed prior to publication, as normal).
C:\Windows\System32>sqlplus / as sysdba
SQL*Plus: Release 12.1.0.1.0 Production on Fri Jul 19 17:49:22 2013
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL> select banner from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
PL/SQL Release 12.1.0.1.0 - Production
CORE 12.1.0.1.0 Production
TNS for 64-bit Windows: Version 12.1.0.1.0 - Production
NLSRTL Version 12.1.0.1.0 - Production
SQL> desc dba_directories;
Name Null? Type
----------------------------------------- -------- ----------------------------
OWNER NOT NULL VARCHAR2(128)
DIRECTORY_NAME NOT NULL VARCHAR2(128)
DIRECTORY_PATH VARCHAR2(4000)
ORIGIN_CON_ID NUMBER
