Bugtraq mailing list archives
Re: Recent Oracle exploit is _actually_ an 0day with no patch
From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 27 Apr 2006 18:54:12 -0400 (EDT)
The recent Oracle exploit posted to Bugtraq (http://www.securityfocus.com/archive/1/431353) is actually an 0day and has no patch.
The referenced exploit seems to use GET_DOMAIN_INDEX_METADATA with a TYPE_NAME that references an attacker-defined package with a (modified?) ODCIIndexGetMeta function.

Your last example uses GET_V2_DOMAIN_INDEX_TABLES, with arguments that reference an attacker-defined package with a (modified?) ODCIIndexUtilGetTableNames function.

Is this a surface-level discrepancy, or is your vector substantively different than the one in the exploit?

If these are different, then is it possible that last week's exploit was actually fixed?

- Steve

P.S. For those of you who are paying attention at this excruciating level of detail, it seems that David's original use of GET_DOMAIN_INDEX_METADATA in 2004 directly included the code in the NEWBLOCK argument, whereas last week's exploit was performed through an indirect reference to the code in the TYPE_NAME argument.