Interesting People mailing list archives
IP: Breakable
From: David Farber <dave () farber net>
Date: Thu, 17 Jan 2002 06:32:01 -0500
Date: Wed, 16 Jan 2002 23:54:53 -0500
To: farber () cis upenn edu
From: "Kevin L. Poulsen" <klp () securityfocus com> (by way of "Jonathan M. Smith"

Breakable

A U.K. security expert is preparing to unveil a trove of serious vulnerabilities in Oracle's database products. Can the company redefine 'unbreakable' in time?

By Kevin Poulsen
Jan 16 2002 1:26AM PT
http://www.securityfocus.com/news/309

[...]

Making matters worse for Oracle, it turns out that those holes were little more than a prelude to a suite of at least seven vulnerabilities currently in the company's patch pipeline -- all of them discovered by Litchfield last fall. Assuming fixes are available in time, Litchfield plans to present the holes at a security conference in early February, including details of serious bugs that allow attackers to both "break it" and "break in."

"They range from buffer overflows, to something in the way Oracle communicates with different components," says Litchfield, lead designer and developer at NGSSoftware. "We can actually interject ourselves in between that communications process and run commands as SYSTEM on Windows NT or 2000. If it's running on a Unix system, we can run commands as the Oracle user remotely... So it's obviously very serious."

<snip>
For archives see: http://www.interesting-people.org/archives/interesting-people/