Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0000124 | Openbravo ERP | C. Security | public | 2008-04-25 17:05 | 2017-09-20 18:37 |
|
| Reporter | pjuvara | |
| Assigned To | alostale | |
| Priority | normal | Severity | major | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | 2.40 | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | No |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0000124: Openbravo database schema has dba privileges |
| Description | The Openbravo installation grants to the Oracle user housing the Openbravo schema (TAD by default) DBA privileges.
This is a security vulnerability because if hackers manage to get access to this user, they will gain control of the full database.
This is a particularly serious concern for those customers who deploy Openbravo in an Oracle database that houses other applications as well. |
| Steps To Reproduce | Connect to Oracle and verify privileges. |
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | |
| depends on | backport | 0004080 | closed | alostale | Openbravo database schema has dba privileges |
| related to | defect | 0000418 | closed | jpabloae | Openbravo database schema has dba privileges |
| related to | defect | 0004078 | closed | cromero | Database user on PostgreSQL should not have SuperUser privileges |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2008-04-25 17:05 | pjuvara | New Issue | |
| 2008-04-25 17:05 | pjuvara | Status | new => @50@ |
| 2008-04-25 17:05 | pjuvara | Assigned To | => cromero |
| 2008-04-28 11:28 | cromero | Assigned To | cromero => alostale |
| 2008-04-28 11:28 | cromero | Status | @50@ => @40@ |
| 2008-04-30 14:08 | cromero | Status | @40@ => scheduled |
| 2008-05-23 15:47 | alostale | Status | scheduled => resolved |
| 2008-05-23 15:47 | alostale | Fixed in Version | => trunk |
| 2008-05-23 15:47 | alostale | Resolution | open => fixed |
| 2008-05-23 15:47 | alostale | Note Added: 0000321 | |
| 2008-05-23 15:48 | alostale | Status | resolved => new |
| 2008-05-23 15:48 | alostale | Resolution | fixed => open |
| 2008-05-23 15:49 | alostale | Status | new => scheduled |
| 2008-05-23 15:49 | alostale | Status | scheduled => resolved |
| 2008-05-23 15:49 | alostale | Resolution | open => fixed |
| 2008-05-23 15:52 | alostale | Status | resolved => new |
| 2008-05-23 15:52 | alostale | Resolution | fixed => open |
| 2008-05-23 15:52 | alostale | Issue cloned | 0000418 |
| 2008-05-23 15:52 | alostale | Relationship added | related to 0000418 |
| 2008-05-23 15:53 | alostale | Status | new => scheduled |
| 2008-05-23 15:54 | alostale | Status | scheduled => resolved |
| 2008-05-23 15:54 | alostale | Resolution | open => fixed |
| 2008-06-11 14:47 | cromero | Target Version | => 2.40 |
| 2008-06-11 14:50 | cromero | Fixed in Version | trunk => 2.40alpha r3 |
| 2008-06-19 16:58 | cromero | Relationship added | related to 0004078 |
| 2008-06-19 16:58 | cromero | Status | resolved => new |
| 2008-06-19 16:58 | cromero | Resolution | fixed => open |
| 2008-06-19 16:58 | cromero | Note Added: 0007876 | |
| 2008-06-19 16:58 | cromero | Status | new => scheduled |
| 2008-06-19 16:59 | cromero | Status | scheduled => resolved |
| 2008-06-19 16:59 | cromero | svn_revision | => 4497 |
| 2008-06-19 16:59 | cromero | Resolution | open => fixed |
| 2008-07-01 17:56 | anonymous | sf_bug_id | 0 => 2007862 |
| 2008-07-10 11:52 | plujan | Status | resolved => closed |
| 2008-07-10 11:52 | plujan | Fixed in Version | 2.40alpha-r3 => 2.40beta |
| 2017-08-01 03:31 | hgbot | Checkin | |
| 2017-08-01 03:31 | hgbot | Note Added: 0098284 | |
| 2017-08-01 03:31 | hgbot | Status | closed => resolved |
| 2017-08-01 03:31 | hgbot | Fixed in SCM revision | 4497 => http://code.openbravo.com/erp/pmods/org.openbravo.customer.relationshipmanagement/rev/4c0155268f0fbe201ca2c4eb9de98665a6f7ab11 |
| 2017-08-04 09:32 | alostale | Note Added: 0098382 | |
| 2017-08-04 09:32 | alostale | Status | resolved => closed |
| 2017-08-04 09:32 | alostale | Fixed in Version | 2.40beta => |
| 2017-09-20 18:37 | umartirena | Triggers an Emergency Pack | => No |
| 2017-09-20 18:37 | umartirena | version | 2.35 => |
| 2017-09-20 18:37 | umartirena | Fixed in SCM revision | http://code.openbravo.com/erp/pmods/org.openbravo.customer.relationshipmanagement/rev/4c0155268f0fbe201ca2c4eb9de98665a6f7ab11 => |
| 2017-09-20 18:37 | umartirena | Note Deleted: 0098284 | |