5.1.1.2 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'File System' Packages - File System Packages

Information

As described below, Oracle Database PL/SQL 'File System' packages - DBMS_ADVISOR, DBMS_LOB and UTL_FILE - provide PL/SQL APIs to access files on the servers. The user PUBLIC should not be able to execute these packages.

The Oracle database DBMS_ADVISOR package can be used to write files located on the server where the Oracle instance is installed. The user PUBLIC should not be able to execute DBMS_ADVISOR.

The Oracle database DBMS_LOB package provides subprograms that can manipulate and read/write on BLOB's, CLOB's, NCLOB's, BFILE's, and temporary LOB's. The user PUBLIC should not be able to execute DBMS_LOB.

The Oracle database UTL_FILE package can be used to read/write files located on the server where the Oracle instance is installed. The user PUBLIC should not be able to execute UTL_FILE.

Rationale:

As described below, Oracle Database PL/SQL 'File System' packages - DBMS_ADVISOR, DBMS_LOB and UTL_FILE - should not be granted to PUBLIC.

Use of the DBMS_ADVISOR package could allow an unauthorized user to corrupt operating system files on the instance's host.

Use of the DBMS_LOB package could allow an unauthorized user to manipulate BLOB's, CLOB's, NCLOB's, BFILE's, and temporary LOBs on the instance, either destroying data or causing a denial-of-service condition due to corruption of disk space.

Use of the UTL_FILE package could allow a user to read OS files. These files could contain sensitive information (e.g. passwords in .bash_history)

Solution

To remediate this setting, execute the following SQL statement, keeping in mind if this is granted in both container and pluggable database, you must connect to both places to revoke.

REVOKE EXECUTE ON DBMS_ADVISOR FROM PUBLIC;
REVOKE EXECUTE ON DBMS_LOB FROM PUBLIC;
REVOKE EXECUTE ON UTL_FILE FROM PUBLIC;

See Also

https://workbench.cisecurity.org/benchmarks/13413