DG0120-ORACLE11 - Unauthorized access to external database objects should be removed from application user roles.

Information

Access to objects stored and/or executed outside of the DBMS security context may provide an avenue of attack to host system resources not controlled by the DBMS. Any access to external resources from the DBMS can lead to a compromise of the host system or its resources.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Evaluate the associated risk in allowing access to external objects.

Consider the security context under which the object is accessed or whether the privileges required to access the object are available for assignment based on job function.

Where feasible, modify the application to use only objects stored internally to the database.

Where not feasible, note the risk assessment and acceptance in the System Security Plan for access to external objects.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-24750r1_rule, STIG-ID|DG0120-ORACLE11, Vuln-ID|V-15105

Plugin: Windows

Control ID: 150d4331d29505ef720cf8fdb14ce38980097bf24887e2978a74faf983cb9c35