Oracle FAQ Your Portal to the Oracle Knowledge Grid
Home -> Community -> Usenet -> c.d.o.misc -> Re: Oracle security alert #66 - new information available

Re: Oracle security alert #66 - new information available

From: Norman Dunbar <norman.dunbar_at_lfs.co.uk>
Date: 21 Apr 2004 00:12:47 -0700
Message-ID: <3078e2fe.0404202312.3b2dcd11@posting.google.com>


Pete Finnigan <plsql_at_petefinnigan.com> wrote in message news:<YzyaWoAbDUhARx6r_at_peterfinnigan.demon.co.uk>...
> Hi Norm,
>
> hope you are well?

Hi Pete, yes I'm fine. Just back from two weeks in the Maldives. Very hot (100 degrees in the shade!) and sunny. Fabulous reef so I spent most of the (cooler parts of the) day in the sea. Hope you are well too.

>
> The exploit jmig has discovered is a heap overflow rather than a buffer
> overflow. What happens is that it is possible to corrupt heap memory
> that you do not own.

OK, I understand that bit, but I thought Windows and Unix had some form of memory protection to prevent this from happening?

> In this way with a carefully crafted string you can
> write a pointer into a specific memory location that overwrites a
> function pointer address such as a pointer table for a DLL that has been
> loaded into memory dynamically. Then it's possible to get the application
> to execute your code instead of the intended function.

And strangely enough, I can follow this as well. The problem I have is, how the bleeding hell can a 'penetrator' know what DLLs are loaded and where they are in memory to be able to set up a carefully (or even very carefully) crafted string?
>
> I found a good paper that explains buffer overflows, heap overflows,
> pointer overflows, format string exploits etc. It's at
> http://www.covertsystems.org/archives/misc-papers/csr-exploitation.pdf
>

I've downloaded this paper and will attempt to read it. My work PC has only got AcroReader version 4.0 which Dr Watson's all the time. I've already requested an upgrade to the latest version, but these things take (a lot) of time here.

Ah well, on with the day !

Posting from Google is like playing postal chess - it takes ages to get onto the next reply :o(

Cheers & thanks,
Norman.

PS. Oracle 10G installed ok on Mandrake 10. Shame that MDK10 doesn't see anything on the companion disc where MDK9.2 did. One day maybe, one day.

Received on Wed Apr 21 2004 - 02:12:47 CDT
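The heap overflow Pete describes above, reduced to a single heap record, as an added educational example (not code from the thread, from the paper it links, or from Oracle): a fixed-size buffer sits next to a function pointer in the same allocation, an unchecked copy of oversized input runs past the buffer and clobbers the pointer, and a length check stops it. The record layout and the input are constructed for this demonstration; the unchecked copy is modelled as a byte copy bounded only by the record size so the overrun is deterministic across compilers. The overrun stays inside the process's own heap, which is why OS page protection between processes does not catch it.

```c
#include <stdlib.h>
#include <string.h>

typedef int (*handler_fn)(void);

/* Hypothetical heap record: data buffer followed by a function pointer. */
struct record {
    char buf[16];
    handler_fn handler;
};

static int intended_handler(void) { return 42; }

/* Constructed oversized input: 31 'A' bytes plus a terminator. */
static const char OVERSIZED[32] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* Unchecked copy: only the allocation size bounds it, so bytes past
 * buf land on the neighbouring handler pointer. */
void unchecked_copy(struct record *r, const char *in, size_t len)
{
    if (len > sizeof *r) len = sizeof *r;
    memcpy((unsigned char *)r, in, len);
}

/* Hardened copy: rejects input that does not fit with its terminator,
 * so nothing outside buf is ever written. Returns 0 on success. */
int checked_copy(struct record *r, const char *in, size_t len)
{
    if (len >= sizeof r->buf) return -1;
    memcpy(r->buf, in, len);
    r->buf[len] = '\0';
    return 0;
}

/* 1 if the stored pointer no longer matches the intended handler. */
int pointer_clobbered(const struct record *r)
{
    handler_fn expected = intended_handler;
    return memcmp(&r->handler, &expected, sizeof expected) != 0;
}

/* Overflow path: returns 1 when the pointer was overwritten. */
int demo_unchecked(void)
{
    struct record *r = malloc(sizeof *r);
    if (!r) return -1;
    memset(r->buf, 0, sizeof r->buf);
    r->handler = intended_handler;
    unchecked_copy(r, OVERSIZED, sizeof OVERSIZED);
    int clobbered = pointer_clobbered(r);   /* pointer is never called */
    free(r);
    return clobbered;
}

/* Hardened path: copy is refused and the intact handler still runs. */
int demo_checked(void)
{
    struct record *r = malloc(sizeof *r);
    if (!r) return -1;
    memset(r->buf, 0, sizeof r->buf);
    r->handler = intended_handler;
    int rc = checked_copy(r, OVERSIZED, sizeof OVERSIZED);
    int result = (rc == -1 && !pointer_clobbered(r)) ? r->handler() : -1;
    free(r);
    return result;
}
```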
