Re: Various Buffer Overflows in Oracle 10g Tools

["David Litchfield" <davidl () ngssoftware com>]

Hi Jose,
I'm away from my linux box at the moment; are any of these tools 
setuid/setgid? I'm trying to ascertain the risk posed. If none of these 
overflows present a privilege escalation opportunity then there is no risk 
posed. If these tools are setuid/setgid then, needless to say there is a 
risk.
Cheers,
David Litchfield


----- Original Message ----- 
From: "Joxean Koret" <joxeankoret () yahoo es>
To: "Security Tracker" <bugs () securitytracker com>; "Secunia" 
<vuln () secunia com>; <bugtraq () securityfocus com>; <siaaypee () euskalnet net>
Sent: Thursday, January 20, 2005 10:04 PM
Subject: Various Buffer Overflows in Oracle 10g Tools