STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Apr 2021

The Oracle WITH GRANT OPTION privilege must not be granted to non-DBA or non-Application administrator user accounts.

DISA Rule

SV-219700r401224_rule

Vulnerability Number

V-219700

Group Title

SRG-APP-000516-DB-000363

Rule Version

O112-BP-021700

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Revoke privileges granted with the WITH GRANT OPTION from non-DBA accounts and accounts that do not own application objects.

Re-grant privileges without specifying WITH GRANT OPTION.
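
One way to prepare this fix, using the same filter as the check query on this page (an added example, not part of the STIG text): the first query lists onward grants that a revoke would also remove, and the second generates the REVOKE and re-GRANT statements for review. The `flagged` name, the output column aliases and the directory heuristic are assumptions of this example.

```sql
-- Added example, not from the STIG. Both queries only SELECT from DBA_* views;
-- nothing is revoked or granted until a reviewer runs the generated statements.

-- 1) Onward grants made by the flagged accounts. Revoking an object privilege
--    from a grantee also revokes what that grantee passed on, so review these first.
with flagged as (
  select distinct grantee
  from dba_tab_privs
  where grantable = 'YES'
  and grantee not in (select distinct owner from dba_objects)
  and grantee not in (select grantee from dba_role_privs where granted_role = 'DBA')
)
select p.grantor, p.grantee, p.privilege, p.owner, p.table_name
from dba_tab_privs p
where p.grantor in (select grantee from flagged)
order by p.grantor, p.owner, p.table_name, p.grantee;

-- 2) One REVOKE / re-GRANT pair per privilege behind each finding row.
--    GRANTOR is shown so the reviewer knows who issued the original grant.
--    Heuristic (assumption): a SYS-owned name that matches DBA_DIRECTORIES is
--    treated as a directory, which needs the ON DIRECTORY form.
select grantor,
       'REVOKE ' || privilege || ' ON ' || obj_ref ||
       ' FROM "' || grantee || '";' as revoke_stmt,
       'GRANT ' || privilege || ' ON ' || obj_ref ||
       ' TO "' || grantee || '";' as regrant_stmt
from (
  select p.grantor, p.grantee, p.privilege,
         case
           when p.owner = 'SYS'
            and exists (select 1 from dba_directories d
                        where d.directory_name = p.table_name)
           then 'DIRECTORY "' || p.table_name || '"'
           else '"' || p.owner || '"."' || p.table_name || '"'
         end as obj_ref
  from dba_tab_privs p
  where p.grantable = 'YES'
  and p.grantee not in (select distinct owner from dba_objects)
  and p.grantee not in (select grantee from dba_role_privs where granted_role = 'DBA')
)
order by grantee, obj_ref, privilege;
```

The generated GRANT statements omit WITH GRANT OPTION, so re-running the check query after applying them should return no rows for the remediated accounts.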

Check Contents

Execute the query:

select grantee||': '||owner||'.'||table_name
from dba_tab_privs
where grantable = 'YES'
and grantee not in (select distinct owner from dba_objects)
and grantee not in (select grantee from dba_role_privs where granted_role = 'DBA')
order by grantee;

If any accounts are listed, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

4057
