Bugtraq mailing list archives

Breakable


From: "Kevin L. Poulsen" <klp () securityfocus com>
Date: Wed, 16 Jan 2002 10:12:22 -0800


Breakable

A U.K. security expert is preparing to unveil a trove of serious
vulnerabilities in Oracle's database products. Can the company redefine
'unbreakable' in time?

By Kevin Poulsen
Jan 16 2002 1:26AM PT

http://www.securityfocus.com/news/309

[...]

Making matters worse for Oracle, it turns out that those holes were little
more than a prelude to a suite of at least seven vulnerabilities currently
in the company's patch pipeline -- all of them discovered by Litchfield last
fall. Assuming fixes are available in time, Litchfield plans to present the
holes at a security conference in early February, including details of
serious bugs that allow attackers to both "break it" and "break in."

"They range from buffer overflows, to something in the way Oracle
communicates with different components," says Litchfield, lead designer and
developer at NGSSoftware. "We can actually interject ourselves in between
that communications process and run commands as SYSTEM on Windows NT or
2000. If it's running on a Unix system, we can run commands as the Oracle
user remotely... So it's obviously very serious."

<snip>

