
Exalogic: No Authentication For Single User Mode Vulnerability Reported On Exalogic Environment (Doc ID 2979692.1)

Last updated on OCTOBER 10, 2023

Applies to:

Oracle Exalogic Elastic Cloud Software - Version 2.0.6.3.220419 and later
Information in this document applies to any platform.

Goal

The goal of this document is to provide a recommendation to mitigate the following finding from a security scan report:

"No authentication for single user mode"

Description

Authorization is not enabled for the Linux single user mode. This means that an attacker with physical access to the machine can enter single user mode (with root privileges) simply by typing 'linux single' at the LILO prompt or at the GRUB boot-editing menu. In Red Hat and Fedora this authorization is disabled by default to help users with lost root passwords. In any case this is a clear security risk.
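To confirm the finding on a host, the two entry points described above can be audited with a short script. This is an added example, not Oracle's documented solution. It assumes a RHEL 6-style init, where /etc/sysconfig/init sets SINGLE= to the program run in single user mode, and GRUB legacy with /boot/grub/grub.conf; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's fix): audit the two entry points named above.
# Assumptions: RHEL 6-style init, where /etc/sysconfig/init sets SINGLE= to the
# program run in single-user mode, and GRUB legacy with /boot/grub/grub.conf.

# Prints authenticated | unauthenticated | unset | unreadable.
single_user_auth_status() {
    conf=${1:-/etc/sysconfig/init}
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    # Last uncommented assignment wins; strip quotes and trailing comments.
    value=$(sed -n 's/^[[:space:]]*SINGLE=//p' "$conf" | tail -n 1 |
            sed "s/[[:space:]]*#.*\$//; s/[\"']//g; s/[[:space:]]*\$//")
    case "$value" in
        "")                echo "unset"; return 1 ;;            # no explicit setting: treat as a finding
        sulogin|*/sulogin) echo "authenticated"; return 0 ;;    # root password required
        *)                 echo "unauthenticated"; return 1 ;;  # e.g. sushell
    esac
}

# Prints locked | open | unreadable. Only a password directive in the global
# section (before the first "title") protects the boot-editing menu.
grub_menu_locked() {
    conf=${1:-/boot/grub/grub.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    if sed '/^[[:space:]]*title[[:space:]]/,$d' "$conf" |
       grep -Eq '^[[:space:]]*password([[:space:]]|$)'; then
        echo "locked"; return 0
    fi
    echo "open"; return 1
}

# Demo on constructed files: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    printf 'PROMPT=yes\nSINGLE=/sbin/sushell\n' > "$d/init"
    printf 'default=0\ntimeout=5\ntitle Oracle Linux\n\tkernel /vmlinuz ro\n' > "$d/grub.conf"
    echo "single-user: $(single_user_auth_status "$d/init")"
    echo "grub menu:   $(grub_menu_locked "$d/grub.conf")"
    rm -rf "$d"
fi
```

Both functions return a non-zero status for a finding, so they can gate a compliance job. A result of "unset" means the file carries no explicit SINGLE= line and the init default should be checked by hand.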


 

Solution

To view full details, sign in with your My Oracle Support account.
