From: Juan Manuel Pascual Escriba [pask@PLAZASITE.COM]
Sent: Thursday, December 21, 2000 6:26 AM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: vulnerability #1 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7

WWW.PLAZASITE.COM
System & Security Division

Title:    Vulnerability in oidldapd in Oracle 8.1.7
Date:     10-12-2000
Platform: Only tested in Linux, but can be exported to others.
Impact:   Any user can gain euid=root.
Author:   Juan Manuel Pascual (pask@plazasite.com)
Status:   Vendor contacted, answers received. Details below.

OVERVIEW:

oidldapd is the Oracle Internet Directory LDAP daemon (Oracle Ldap Daemon). The current version is 2.1.1.1.

PROBLEM SUMMARY:

There is a buffer overflow in oidldapd that can be used by local users to obtain the euid of the root user. Easy for user oracle.

IMPACT:

Any user with local access can gain euid=root.

SOLUTION:

Chmod -s ;-))))

STATUS:

Vendor was contacted 10-Dec-2000. They pointed me to the metalink site, then all to the metalink site ;-)

----------------

This vulnerability was researched by:
Juan Manuel Pascual Escriba
pask@plazasite.com

--
" In God We trust, Others We monitor "
-------------------------------------------------------------
Juan Manuel Pascual Escribá
Systems Administrator
PlazaSite S.A.
c/ Tomás Bretón 32-38
08950 Esplugues de Llobregat (Barcelona), SPAIN
Ph: +34 93 3717398
Fax: +34 93 3711968
mob: 667591142
Email: pask@plazasite.com
-------------------------------------------------------------
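
The "Chmod -s" mitigation above, written out as an audit-and-remediate script. This is an added example, not part of the original advisory or any Oracle tooling. The function names are hypothetical, and the directory to scan is supplied by the operator because the advisory gives no install path.

```shell
#!/bin/sh
# Added example: locate a setuid copy of a named binary and clear the bit.

# find_setuid DIR NAME: print regular files called NAME under DIR that
# still carry the setuid bit (mode 4000). Does not cross filesystems.
find_setuid() {
    find "$1" -xdev -type f -name "$2" -perm -4000 -print
}

# strip_setuid FILE: log mode and owner (for rollback), clear the bit, verify.
strip_setuid() {
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "skip (not a regular file): $1" >&2
        return 2
    fi
    if [ -u "$1" ]; then
        echo "before: $(ls -ld "$1")" >&2
        chmod u-s "$1" || return 1
    fi
    if [ -u "$1" ]; then
        echo "setuid bit still set: $1" >&2
        return 1
    fi
    echo "after:  $(ls -ld "$1")" >&2
}

# harden DIR NAME: strip every match, then print how many setuid copies
# remain (0 means the mitigation is in place).
harden() {
    find_setuid "$1" "$2" | while IFS= read -r f; do
        strip_setuid "$f"
    done
    find_setuid "$1" "$2" | wc -l | tr -d ' '
}

# Usage: sh strip_oidldapd.sh <oracle-install-dir> [binary-name]
# The binary name defaults to the one named in the advisory.
if [ "$#" -ge 1 ]; then
    harden "$1" "${2:-oidldapd}"
fi
```

Once the bit is cleared the binary no longer runs with root's effective uid, so test the directory service after the change. The logged "before" line records the original mode and owner if the change has to be reverted.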