Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0000418 | Openbravo ERP | K. Packaging | public | 2008-05-23 15:52 | 2009-03-18 11:02 |
|
| Reporter | alostale | |
| Assigned To | jpabloae | |
| Priority | normal | Severity | major | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | No |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0000418: Openbravo database schema has dba privileges |
| Description | The Openbravo installation grants to the Oracle user housing the Openbravo schema (TAD by default) DBA privileges.
This is a security vulnerability because if hackers manage to get access to this user, they will gain control of the full database.
This is a particularly serious concern for those customers who deploy Openbravo in an Oracle database that houses other applications as well. |
| Steps To Reproduce | Connect to Oracle and verify privileges. |
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | related to | defect | 0000124 | 2.40 | closed | alostale | Openbravo database schame has dba privileges |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2008-05-23 15:52 | alostale | New Issue | |
| 2008-05-23 15:52 | alostale | Assigned To | => alostale |
| 2008-05-23 15:52 | alostale | Issue generated from | 0000124 |
| 2008-05-23 15:52 | alostale | Relationship added | related to 0000124 |
| 2008-05-23 15:55 | alostale | Note Added: 0000322 | |
| 2008-05-23 15:56 | alostale | Project | Openbravo ERP => @5@ |
| 2008-05-23 16:02 | alostale | Assigned To | alostale => jpabloae |
| 2008-05-23 17:49 | jpabloae | Status | new => acknowledged |
| 2008-05-23 17:49 | jpabloae | version | 2.35 => |
| 2008-05-23 17:49 | jpabloae | Summary | Openbravo database schame has dba privileges => Openbravo database schema has dba privileges |
| 2008-05-23 18:16 | alostale | Issue Monitored: alostale | |
| 2008-06-12 01:50 | jpabloae | Category | C. Security => Installer |
| 2008-06-19 17:47 | svnbot | Checkin | |
| 2008-06-19 17:47 | svnbot | Note Added: 0007878 | |
| 2008-06-19 17:47 | svnbot | Status | acknowledged => resolved |
| 2008-06-19 17:47 | svnbot | Resolution | open => fixed |
| 2008-06-19 17:47 | svnbot | svn_revision | => 61 |
| 2008-11-13 07:02 | jpabloae | Status | resolved => closed |
| 2008-11-25 21:41 | pjuvara | Sticky Issue | No => Yes |
| 2008-11-25 21:43 | pjuvara | Project | @5@ => Openbravo ERP |
| 2008-11-25 21:45 | pjuvara | Category | Installer => K. Packaging |
| 2008-11-25 21:47 | pjuvara | Sticky Issue | Yes => No |
| 2009-03-18 11:02 | anonymous | sf_bug_id | 0 => 2691312 |