||Oracle Tips by Burleson
Chapter 7 -
Problem: The virus exploits a vulnerability in
a Windows Oracle SQL*Net or Oracle*Net client, allowing an
unauthorized Oracle user to gain root privileges on the UNIX Oracle
database server. The virus then places a malicious Trojan
executable on the server.
CVR References: 41-20374, 75-28365.
Platforms Impacted: Sun Solaris, Red Hat
Linux, SuSE Linux, AIX and HP UNIX.
Vulnerability Assessment: The risk is HIGH. The
virus software allows the Oracle SYSDBA user to gain unauthorized
root privileges and can cause serious loss of production service.
The virus spreads between Oracle servers using
the UNIX e-mail gateway. These messages can be detected by their
distinctive subject lines 'GENERIC VIAGRA', and 'GROW YOUR THINGY'.
Hallmarks of the Oracle virus include:
- It will rewrite your RMAN Oracle backup
files, changing all active verbs to a passive voice and introducing
undetectable misspellings into all text.
- You may see a variation on the “Oprah
Winfrey” virus where your SYSTEM tablespace suddenly shrinks to 20
Meg, and then slowly expands-out to over 500 Meg.
Download your Oracle scripts now:
definitive Oracle Script collection for every Oracle professional DBA