Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Do not connect Oracle DB to the Internet. Oracle Alert #59

Re: Do not connect Oracle DB to the Internet. Oracle Alert #59

From: Pete Finnigan <oracle_list_at_peterfinnigan.demon.co.uk>
Date: Fri, 24 Oct 2003 02:39:25 -0800
Message-ID: <F001.005D434A.20031024023925@fatcity.com> 





>>So who found out this vulnerability? David Litchfield? Aaron Newman?

>>I know it is a bit silly to ask but does anyone know how

>>to exploit this vulnerability?  Send it to me directly if you dont want to

>>reply publicly




Hi,



Some guy called c0ntex, email c0ntex_at_hushmail.com found it. If you want
to know how to exploit it then just search google for "C0ntex Oracle"
and many pages pop up with exploit code on them. For instance:



http://www.security-corporation.com/exploits-20031018-000.html



kind regards



Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Pete Finnigan
  INET: oracle_list_at_peterfinnigan.demon.co.uk

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Fri Oct 24 2003 - 05:39:25 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US