Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Oracle 10g - emagent.exe Stack-Based Overflow

from [SPI Labs] Network Security [Permanent Link]
Subject: Oracle 10g - emagent.exe Stack-Based Overflow
Date: Wed, 19 Oct 2005 21:48:07 -0400 
Oracle 10g - emagent.exe Stack-Based Overflow
http://www.spidynamics.com/spilabs/advisories/oracle-emagentoverflow.htm
l

Release Date: October 18, 2005
Severity: Critical

Systems Affected
----------------
For a complete list of products and components affected, please visit
http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html

Description
-----------
A vulnerability has been discovered in Oracle Application Server 10g
(10.1.2) on Windows 2000 Server
and others (see list above).  If exploited, this can result in
user-specified code being executed under
the security context of the Oracleoracleas1ASControl service - \\NT
Authority\SYSTEM by default.


Remediation
-----------
The issue can be resolved by applying the patches provided by October
2005 Oracle Critical Patch Update
available from
http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html.


Vendor Information
------------------
Oracle was contacted on March 7, 2005. For more information about this
advisory please visit Oracle
Critical Patch Update page
http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html.


Contact Information
spilabs@spidynamics.com
SPI Dynamics, Inc.
115 Perimeter Center Place N.E.
suite 1100
Atlanta, GA. 30346
Toll-Free Phone: (866) 774-2700



SPI Dynamics was founded in 2000 by a team of accomplished Web security
specialists; SPI Dynamics is the leader in Web application security
technology. With such signature products as WebInspect, SPI Dynamics is
dedicated to protecting companies' most valuable assets. SPI Dynamics
has created a new breed of Internet security products for the Web
application, the most vulnerable yet least secure component of online
business infrastructure.

Copyright (c) 2005 SPI Dynamics, Inc. All rights reserved worldwide.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Oracle 10g - emagent.exe Stack-Based Overflow, SPI Labs <=
Previous by Date:  Re: Hit Throttling - Content Theft Prevention, Steve Shah
Next by Date:  RE: webapp audit and forensics, Griffiths, Ian
Previous by Thread:  SecurityFocus article announcement: Two-factor banking, Andrew van der Stock
Next by Thread:  RE: webapp audit and forensics, Griffiths, Ian
Indexes:  [Date] [Thread] [Top] [All Lists]