Home » RDBMS Server » Security » Security Breach using DBSNMP user.
Security Breach using DBSNMP user. [message #219128] Tue, 13 February 2007 02:06 Go to next message
amkotz
Messages: 72
Registered: May 2005
Location: Bangalore
Member
Hello All,

While creating a Database a Oracle Intelligent Agent communicates with Oracle Enterprise Manager to pass on information about components such as the database,
the listener, and the server itself. To get data about the database, it needs to connect to the database using some userid. By default, the userid used is DBSNMP.

When the database is created, the password of dbsnmp is also set to dbsnmp. This user has some powerful privileges, such as UNLIMITED TABLESPACE,SELECT ANY DICTIONARY (which allows the user to select from dynamic performance views and data dictionary views), and ANALYZE ANY DICTIONARY(which allows analyze of the system objects). Many intruders use this user and password for back-door entry into the database. Needless to say, this is a huge security hole.

Auctually in what ways not making this password change to some other value can be a security breach.

Is having UNLIMITED TABLESPACE,SELECT ANY DICTIONARY and ANALYZE ANY DICTIONARY can cause any problems to the database by the intruders ?


Regds,
Amkotz
Re: Security Breach using DBSNMP user. [message #219186 is a reply to message #219128] Tue, 13 February 2007 09:22 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
Quite a known issue.
That is why oracle always recomends to reset the default passwords for all accounts or to lock those accounts (if the accounts are not used ).
>> can cause any problems to the database by the intruders
To some extent, yes.
Re: Security Breach using DBSNMP user. [message #219297 is a reply to message #219186] Tue, 13 February 2007 21:43 Go to previous messageGo to next message
amkotz
Messages: 72
Registered: May 2005
Location: Bangalore
Member
Hello Mahesh,

Not setting the default passwords can cause problems to the database by the intruders .

How ? ( I know its a wierd question )

Regds,
Amkotz
Re: Security Breach using DBSNMP user. [message #219415 is a reply to message #219297] Wed, 14 February 2007 05:25 Go to previous message
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
>> Not setting the default passwords can cause problems to the database by the intruders .
It is the other way around.
Setting the default passwords can be a security breach. By changing the default passwords of all system accounts and locking the ones the ones that are not used is a good practise.
How exactly this could cause the problem?
Just look into Oracle security alerts / join their mailing list in metalink.
I cannot post the metalink contents, but many good resources are available in web.
http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html
http://www.evdbt.com/UnravelingTheSweater1.pdf
http://laurentschneider.blogspot.com/2005/12/lock-system-restrict-dbsnmp.html
Previous Topic: Audit question
Next Topic: more than one user
Goto Forum:
  


Current Time: Thu Mar 28 16:40:05 CDT 2024