Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0000124 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] C. Security | major | have not tried | 2008-04-25 17:05 | 2017-09-20 18:37 | |||
| Reporter | pjuvara | View Status | public | |||||
| Assigned To | alostale | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | ||||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | 2.40 | |||
| OS | Any | Database | Oracle | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | MP1 | ||||||
| Merge Request Status | ||||||||
| Review Assigned To | ||||||||
| OBNetwork customer | No | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0000124: Openbravo database schame has dba privileges | |||||||
| Description | The Openbravo installation grants to the Oracle user housing the Openbravo schema (TAD by default) DBA privileges. This is a security vulnerability because if hackers manage to get access to this user, they will gain control of the full database. This is a particularly serious concern for those customers who deploy Openbravo in an Oracle database that houses other applications as well. | |||||||
| Steps To Reproduce | Connect to Oracle and verify privileges. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||||||||||||||||
|
||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0000321) alostale (viewer) 2008-05-23 15:47 |
Fixed for create database from xml files r4497. |
|
(0007876) cromero (viewer) 2008-06-19 16:58 |
Backport necessary |
|
(0098382) alostale (viewer) 2017-08-04 09:32 |
closing incorrectly reopened issue |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2008-04-25 17:05 | pjuvara | New Issue | |
| 2008-04-25 17:05 | pjuvara | Status | new => @50@ |
| 2008-04-25 17:05 | pjuvara | Assigned To | => cromero |
| 2008-04-28 11:28 | cromero | Assigned To | cromero => alostale |
| 2008-04-28 11:28 | cromero | Status | @50@ => @40@ |
| 2008-04-30 14:08 | cromero | Status | @40@ => scheduled |
| 2008-05-23 15:47 | alostale | Status | scheduled => resolved |
| 2008-05-23 15:47 | alostale | Fixed in Version | => trunk |
| 2008-05-23 15:47 | alostale | Resolution | open => fixed |
| 2008-05-23 15:47 | alostale | Note Added: 0000321 | |
| 2008-05-23 15:48 | alostale | Status | resolved => new |
| 2008-05-23 15:48 | alostale | Resolution | fixed => open |
| 2008-05-23 15:49 | alostale | Status | new => scheduled |
| 2008-05-23 15:49 | alostale | Status | scheduled => resolved |
| 2008-05-23 15:49 | alostale | Resolution | open => fixed |
| 2008-05-23 15:52 | alostale | Status | resolved => new |
| 2008-05-23 15:52 | alostale | Resolution | fixed => open |
| 2008-05-23 15:52 | alostale | Issue cloned | 0000418 |
| 2008-05-23 15:52 | alostale | Relationship added | related to 0000418 |
| 2008-05-23 15:53 | alostale | Status | new => scheduled |
| 2008-05-23 15:54 | alostale | Status | scheduled => resolved |
| 2008-05-23 15:54 | alostale | Resolution | open => fixed |
| 2008-06-11 14:47 | cromero | Target Version | => 2.40 |
| 2008-06-11 14:50 | cromero | Fixed in Version | trunk => 2.40alpha r3 |
| 2008-06-19 16:58 | cromero | Relationship added | related to 0004078 |
| 2008-06-19 16:58 | cromero | Status | resolved => new |
| 2008-06-19 16:58 | cromero | Resolution | fixed => open |
| 2008-06-19 16:58 | cromero | Note Added: 0007876 | |
| 2008-06-19 16:58 | cromero | Status | new => scheduled |
| 2008-06-19 16:59 | cromero | Status | scheduled => resolved |
| 2008-06-19 16:59 | cromero | svn_revision | => 4497 |
| 2008-06-19 16:59 | cromero | Resolution | open => fixed |
| 2008-07-01 17:56 | anonymous | sf_bug_id | 0 => 2007862 |
| 2008-07-10 11:52 | plujan | Status | resolved => closed |
| 2008-07-10 11:52 | plujan | Fixed in Version | 2.40alpha-r3 => 2.40beta |
| 2017-08-01 03:31 | hgbot | Checkin | |
| 2017-08-01 03:31 | hgbot | Note Added: 0098284 | |
| 2017-08-01 03:31 | hgbot | Status | closed => resolved |
| 2017-08-01 03:31 | hgbot | Fixed in SCM revision | 4497 => http://code.openbravo.com/erp/pmods/org.openbravo.customer.relationshipmanagement/rev/4c0155268f0fbe201ca2c4eb9de98665a6f7ab11 [^] |
| 2017-08-04 09:32 | alostale | Note Added: 0098382 | |
| 2017-08-04 09:32 | alostale | Status | resolved => closed |
| 2017-08-04 09:32 | alostale | Fixed in Version | 2.40beta => |
| 2017-09-20 18:37 | umartirena | Triggers an Emergency Pack | => No |
| 2017-09-20 18:37 | umartirena | version | 2.35 => |
| 2017-09-20 18:37 | umartirena | Fixed in SCM revision | http://code.openbravo.com/erp/pmods/org.openbravo.customer.relationshipmanagement/rev/4c0155268f0fbe201ca2c4eb9de98665a6f7ab11 [^] => |
| 2017-09-20 18:37 | umartirena | Note Deleted: 0098284 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |