OS accounts used to execute external procedures should be assigned minimum privileges.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15620 | DG0101-ORACLE11 | SV-25054r1_rule | DCFA-1 | Medium |
| Description |
|---|
| External applications spawned by the DBMS process may be executed under OS accounts assigned unnecessary privileges that can lead to unauthorized access to OS resources. Unauthorized access to OS resources can lead to the compromise of the OS, the DBMS, and any other service provided by the host platform. |
| STIG | Date |
|---|---|
| Oracle 11 Database Installation STIG | 2014-01-14 |
Details
| Check Text ( C-1769r1_chk ) |
|---|
| Determine which OS accounts external DBMS executables are run. Review the privileges assigned to these accounts and compare them to the System Security Plan and the function of the applications. If assigned privileges exceed those necessary to operate as designed or the privileges do not match the list of required privileges for the application in the System Security Plan, this is a Finding. |
| Fix Text (F-3795r1_fix) |
|---|
| Configure OS accounts used by DBMS external procedures to have the minimum privileges necessary for operation. Document DBMS external procedures and OS privileges need to execute the procedures in the System Security Plan. |