Network Security Vuln-Dev

Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL

Subject: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL
Date: Thu, 25 Jan 2007 14:23:52 -0500 (EST)

Which Oracle Vuln# does this map to?

There are 2 substantial discrepancies with the most likely candidate.

According to the Jan 2007 CPU:

  
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html

the only issue related to sys.dbms_capture_adm_internal is DB09.

However, the CVSS Risk matrix says that the Integrity impact is None,
which conflicts with your assertion that arbitrary code can be
executed.  At the very least, Integrity should be Partial, maybe
Partial+.  (I forget why they score things "Partial+", but their CVSS
documents apparently require access to MetaLink, which is only for
"authorized Oracle customers, partners, and employees.")

Also, you report 9iR1 and 9iR2 as being affected, but the Oracle
advisory says that 9iR2 was the earliest version affected.

DB02 is related to the Change Data Capture component, but it
apparently needs different execute permissions, so it's less likely to
be the proper match for this issue.


Thanks,
Steve

P.S.  DB09 is associated with CVE-2007-0274.
