| View Issue Details |
| ID | ||||||||
| 0004080 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| backport | [Openbravo ERP] C. Security | major | have not tried | 2008-06-19 16:58 | 2008-06-19 17:07 | |||
| Reporter | pjuvara | View Status | public | |||||
| Assigned To | alostale | |||||||
| Priority | normal | Resolution | no change required | Fixed in Version | 2.40alpha-r3 | |||
| Status | closed | Fix in branch | 2.3x | Fixed in SCM revision | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Oracle | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | 2.35 | SCM revision | MP1 | |||||
| Merge Request Status | ||||||||
| Review Assigned To | ||||||||
| OBNetwork customer | No | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0004080: Openbravo database schema has dba privileges | |||||||
| Description | The Openbravo installation grants to the Oracle user housing the Openbravo schema (TAD by default) DBA privileges. This is a security vulnerability because if hackers manage to get access to this user, they will gain control of the full database. This is a particularly serious concern for those customers who deploy Openbravo in an Oracle database that houses other applications as well. | |||||||
| Steps To Reproduce | Connect to Oracle and verify privileges. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
Notes |
(0007877) pjuvara (viewer) 2008-06-19 17:07 |
This issue is too risky to be backported and it introduces too big of a change to existing customers. Will only be fixed in the next release (2.40). |
Issue History |
| Date Modified | Username | Field | Change |
| 2008-06-19 16:58 | cromero | New Issue | |
| 2008-06-19 16:58 | cromero | Assigned To | => alostale |
| 2008-06-19 16:58 | cromero | Status | new => scheduled |
| 2008-06-19 16:58 | cromero | Resolution | open => open |
| 2008-06-19 16:58 | cromero | Fixed in Version | => 2.40alpha-r3 |
| 2008-06-19 17:07 | pjuvara | Status | scheduled => closed |
| 2008-06-19 17:07 | pjuvara | Note Added: 0007877 | |
| 2008-06-19 17:07 | pjuvara | Resolution | open => no change required |