question about oracle advisory: msg#00391 security.bugtraq
Oracle's released three security-related patches today. I'm trying to get my head around them to write up a Stanford Security Alert, but there's conflicting information.

According to http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf the buffer overflow in the EXTPROC code can only be triggered by an authenticated user with the CREATE LIBRARY or CREATE ANY LIBRARY privilege.

According to the NGSSoftware advisory that announced the vulnerability, the buffer overflow can be exploited without any authentication or privilege-checking.

Anyone have any ideas?

thanks -- tbird

--
A computer lets you make more mistakes faster than any invention in human history - with the possible exception of handguns and tequila.
-- Mitch Ratliff

http://www.precision-guesswork.com
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com
tbird's Security Alerts http://securecomputing.stanford.edu/alert.html