Penetration Testing mailing list archives
Re: [PEN-TEST] Oracle
From: Simon Waters <Simon () wretched demon co uk>
Date: Mon, 5 Feb 2001 21:18:11 +0000
One general Oracle networking hole that I spotted the other day in the patch database was to stop unpassword protected listeners having their log file redirected at unsuspecting files owned by the Oracle user. Thus if no password on the listener, anyone could request it to write its log over any file owned by the appropriate user. That said I found lots of issues like this with Net8 before I discovered how to lock down Oracle networking. I doubt many people have these all lovingly locked down as the expertise on the topic was surprisingly scarce, especially Oracle nameserver; I learnt it for the project and have conveniently forgotten as much as possible.
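A configuration audit for the condition described in the message above, as an added example that is not part of the original post: it parses a listener.ora and reports every listener with no password set. The file name and the `PASSWORDS_<listener>` and `ADMIN_RESTRICTIONS_<listener>` parameters are Oracle Net settings the post does not name (the second applies only where the release supports it), and the sample file is constructed.

```python
import re

# Constructed sample listener.ora (not from the post): two listeners,
# only LISTENER_APP has a password and admin restrictions.
SAMPLE = """\
# constructed example
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = db1)(PORT = 1521))))
SID_LIST_LISTENER =
  (SID_LIST = (SID_DESC = (SID_NAME = ORCL)))
LISTENER_APP =
  (ADDRESS = (PROTOCOL = TCP)(HOST = db1)(PORT = 1522))
PASSWORDS_LISTENER_APP = (0123456789ABCDEF)
ADMIN_RESTRICTIONS_LISTENER_APP = ON
"""

def top_level_params(text):
    """Return {NAME: value}. An entry starts in column 0 as NAME = ...;
    indented lines continue the previous entry."""
    params, name = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        m = re.match(r"([A-Za-z][\w.]*)\s*=\s*(.*)", line)
        if m:                                     # new top-level entry
            name = m.group(1).upper()
            params[name] = m.group(2)
        elif name:                                # continuation line
            params[name] += " " + line.strip()
    return params

def audit_listeners(text):
    """Map each listener name to the hardening settings it lacks."""
    params = top_level_params(text)
    findings = {}
    for name, value in params.items():
        if not re.search(r"\(\s*ADDRESS\s*=", value, re.I):
            continue                              # not a listener definition
        issues = []
        # Exact-name lookup: PASSWORDS_LISTENER_APP must not count for LISTENER.
        if not params.get("PASSWORDS_" + name, "").strip("() "):
            issues.append("no listener password")
        if params.get("ADMIN_RESTRICTIONS_" + name, "").strip().upper() != "ON":
            issues.append("ADMIN_RESTRICTIONS not ON")
        findings[name] = issues
    return findings
```
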