Exalogic: No Authentication For Single User Mode Vulnerability Reported On Exalogic Environment
(Doc ID 2979692.1)
Last updated on OCTOBER 10, 2023
Applies to: Oracle Exalogic Elastic Cloud Software - Version 188.8.131.52.220419 and later
Information in this document applies to any platform.
The goal of this document is to provide a recommendation to mitigate the following finding from a security scan report:
"No authentication for single user mode"
Authorization is not enabled for the Linux single user mode. This means that an attacker with physical access to the machine can enter single user mode (with root privileges) simply by typing 'linux single' at the LILO prompt or at the GRUB boot-editing menu. In Red Hat and Fedora this authorization is disabled by default to help users with lost root passwords. In any case this is a clear security risk.
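A defensive audit for the finding above, as an added example that is not part of the Oracle note: it reports whether single user mode is routed through `sulogin`, which prompts for the root password before giving a shell. The file locations (`/etc/inittab`, `/etc/sysconfig/init`, `rescue.service`) are the usual Red Hat-family ones and are assumptions about the scanned host; the function names are hypothetical.

```python
import re
from pathlib import Path

def _active(path):
    """Non-blank, non-comment lines of a config file ([] if it is absent)."""
    if not path.is_file():
        return []
    lines = (l.strip() for l in path.read_text().splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def audit_single_user_auth(root="/"):
    """Return (init_style, authenticated, evidence) for the tree under root."""
    root = Path(root)
    # systemd: rescue.service must start sulogin; a unit in /etc replaces the
    # one in /usr/lib. Drop-in directories are not read by this check.
    for unit in ("etc/systemd/system/rescue.service",
                 "usr/lib/systemd/system/rescue.service"):
        execs = [l for l in _active(root / unit) if l.startswith("ExecStart=")]
        if execs:
            return ("systemd", "sulogin" in execs[-1], execs[-1])
    # Upstart: SINGLE= names the program run for single user mode; the last
    # assignment wins because the file is sourced by a shell.
    single = [l for l in _active(root / "etc/sysconfig/init")
              if l.startswith("SINGLE=")]
    if single:
        prog = single[-1].split("=", 1)[1].strip("\"'")
        return ("upstart", prog.endswith("/sulogin"), single[-1])
    # SysV init: runlevel S must wait on sulogin.
    tab = _active(root / "etc/inittab")
    if tab:
        hits = [l for l in tab if re.match(r"[^:]*:S:wait:\S*/sulogin\b", l)]
        return ("sysvinit", bool(hits), hits[0] if hits else "no S:wait sulogin entry")
    return ("unknown", False, "no recognised init configuration found")

if __name__ == "__main__":
    style, ok, evidence = audit_single_user_auth("/")
    print(f"{'PASS' if ok else 'FAIL'} [{style}] {evidence}")
```

Pass a mounted image or chroot path as `root` to audit a host offline.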