STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

Application role permissions should not be assigned to the Oracle PUBLIC role.

DISA Rule

SV-24896r2_rule

Vulnerability Number

V-3437

Group Title

Oracle PUBLIC role privileges

Rule Version

DO0320-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Revoke role grants from PUBLIC.

Do not assign role privileges to PUBLIC.

From SQL*Plus:

revoke [role name] from PUBLIC;

Check Contents

From SQL*Plus:

select granted_role from dba_role_privs where grantee = 'PUBLIC';

If any roles are listed, this is a Finding.

Vulnerability Number

V-3437

Documentable

False

Rule Version

DO0320-ORACLE11

Severity Override Guidance

From SQL*Plus:

select granted_role from dba_role_privs where grantee = 'PUBLIC';

If any roles are listed, this is a Finding.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1367

Comments