5.2.10 Ensure 'CREATE PROCEDURE' Is Revoked from Unauthorized 'GRANTEE'

Information

The Oracle database CREATE PROCEDURE privilege allows the designated user to create a stored procedure that will fire when given the correct command sequence. Unauthorized grantees should not have that privilege.

The CREATE PROCEDURE privilege can lead to severe problems in unauthorized hands, such as rogue procedures facilitating data theft or denial-of-service by corrupting data tables.

Solution

To remediate this setting, execute the following SQL statement, keeping in mind if this is granted in both container and pluggable database, you must connect to both places to revoke.

REVOKE CREATE PROCEDURE FROM <grantee>;

See Also

https://workbench.cisecurity.org/benchmarks/11760

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: OracleDB

Control ID: eb17dc5cf81214466a9d96d444669024ad547198a106c04dbfd04975979158ea