m$ -sized holes in oracle
Results 1 to 4 of 4

Thread: m$ -sized holes in oracle

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    682

    Exclamation m$ -sized holes in oracle

    EXPOSURE:


    1. A remote compromise in the Database server in Oracle 8 and 9i on
    all platforms could result in a hacker executing any function
    from any system library. A system library is a compilation of
    functions that are commonly used in a particular Operating
    System (OS). For instance, these libraries may contain functions
    that open a common shell for that OS. By establishing a remote
    connection to the Oracle Database server's listening port (TCP
    1521) masqueraded as an Oracle process, a hacker could trick the
    Oracle Database server into executing any function from any of
    these libraries even though the attacker has not authenticated
    to the server with a user name and password. The function would
    be called with the permissions of the Oracle processes
    (typically full system permissions). Commands executed with
    these permissions could result in significant damage to your
    system. For a more detailed explanation of this
    vulnerability and its workaround, see NGSSoftware's advisory
    <http://www.nextgenss.com/advisories/oraplsextproc.txt> and
    Oracle's Security Alert # 29.
    <http://technet.oracle.com/deploy/sec...proc_alert.pdf>


    2. Oracle 9iAS for Solaris, Windows and HP-UX machines has a PL/SQL
    module that allows remote users to call special procedures
    stored on a database server. Multiple buffer overflows have been
    found in relation to this PL/SQL module. Each overflow can
    result in the execution of arbitrary code with the permissions
    of the Oracle Apache Web service. By default, this service runs
    with the permissions of the local SYSTEM account in Windows.
    This would allow a hacker to execute any code with full
    privileges. For a more detailed explanation of this
    vulnerability and its workaround, see NGSSoftware's advisory
    <http://www.nextgenss.com/advisories/oraplsbos.txt> and Oracle's
    Security Alert # 28.
    <http://technet.oracle.com/deploy/sec...lsql_alert.pdf>


    3. Oracle 9iAS's Web server on all platforms supports JavaServer
    Pages <http://java.sun.com/products/jsp/> (JSP). JSP allows for
    dynamic Web pages containing elements like Java scriptlets and
    XML-tags. The code contained within a JSP Web page is compiled
    by the Web server when a user requests the page. NGSSoftware
    found that Oracle's Web server creates three temporary files in
    a publicly accessible folder whenever a JSP page is accessed.
    One of these files contains the source code for the JSP page in
    clear text. This source code might contain sensitive information
    such as user IDs and passwords. For a more detailed explanation
    of this vulnerability and its patch, see NGSSoftware's advisory
    <http://www.nextgenss.com/advisories/orajsp.txt> and part 2 in
    Oracle's Security Alert # 28.
    <http://technet.oracle.com/deploy/sec...lsql_alert.pdf>
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Banned
    Join Date
    Oct 2001
    Posts
    1,463
    Its pretty sad... Oracle kept on saying that they have built an unhackable OS and now there are tons of holes for it.... I think they did that just for publicity.... When they fix the holes they can be all proud of themselves but for now shame on them !

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    good post zigar. More bad news from oracle.
    Trappedagainbyperfectlogic.

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    472
    Originally posted by ac1dsp3ctrum
    I think they did that just for publicity....
    Yup, and I doubt anybody believed them in the first place. Orcale CEO Larry Ellison is known for being a loud-mouth. And I guess everyone knew he was only practicing his tongue-gymnastics again
    ---
    proactive

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •