Tuesday, August 2, 2011

DBSNMP-A security hole to the database

While creating a Database an Oracle Intelligent Agent communicates with Oracle Enterprise Manager to pass on information about components such as the database,
the listener, and the server itself. To get data about the database, it needs to connect to the database using some userid. By default, the userid used is DBSNMP.

When the database is created, the password of dbsnmp is also set to dbsnmp. This user has some powerful privileges, such as UNLIMITED TABLESPACE, SELECT ANY DICTIONARY (which allows the user to select from dynamic performance views and data dictionary views), and ANALYZE ANY DICTIONARY (which allows analyze of the system objects). Many intruders use this user and password for back-door entry into the database. Needless to say, this is a huge security hole.

OEM will create DBSNMP USER. Even if you drop the user also again it will create when you connected from OEM. The funny thing is it will use system tablespace for DEFAULT and Temp tablespaces.

SQL> conn dbsnmp/dbsnmp@tsm
SQL> select * from tab;

TNAME                                                 TABTYPE  CLUSTERID
------------------------------ ------- ----------
MGMT_SNAPSHOT                                     TABLE
MGMT_SNAPSHOT_SQL                              TABLE
MGMT_BASELINE                                      TABLE
MGMT_BASELINE_SQL                               TABLE
MGMT_CAPTURE                                       TABLE
MGMT_CAPTURE_SQL                                TABLE
MGMT_RESPONSE_CONFIG                         TABLE
MGMT_LATEST                                          TABLE
MGMT_LATEST_SQL                                   TABLE
MGMT_HISTORY                                        TABLE
MGMT_HISTORY_SQL                                 TABLE

TNAME                                                 TABTYPE CLUSTERID
------------------------------ ------- ----------
MGMT_TEMPT_SQL                                   TABLE
MGMT_RESPONSE_BASELINE                      VIEW
MGMT_BSLN_DATASOURCES                       TABLE
MGMT_BSLN_BASELINES                            TABLE
MGMT_BSLN_INTERVALS                            TABLE
MGMT_BSLN_METRICS                               TABLE
MGMT_BSLN_STATISTICS                           TABLE
MGMT_BSLN_RAWDATA                             TABLE
MGMT_DB_FILE_GTT                                 TABLE
MGMT_DB_SIZE_GTT                                 TABLE