TITLE:
Oracle 10g Installer Insecure Temporary File Creation

SECUNIA ADVISORY ID:
SA12008

VERIFY ADVISORY:
http://secunia.com/advisories/12008/

CRITICAL:
Not critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
Oracle Database 10g
http://secunia.com/product/3387/

DESCRIPTION:
Knud Erik Højgaard has reported a security issue in Oracle Database
10g, allowing malicious users to manipulate temporary files.

The problem is that certain files placed in "/tmp" are created using
777 permissions. This may allow malicious users to manipulate files
during installation.

This has been reported in version 10g. Other versions may also be
affected.

SOLUTION:
Do not install the product on a system with untrusted users.

PROVIDED AND/OR DISCOVERED BY:
Knud Erik Højgaard

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org

----------------------------------------------------------------------