Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Client side vulnerabilities (Buffer Overflow)

Client side vulnerabilities (Buffer Overflow)

From: David ROBERT <castlebbs_at_gmail.com>
Date: 24 Jun 2005 05:04:02 -0700
Message-ID: <1119614642.253120.268570@f14g2000cwb.googlegroups.com> 





Hello,



I'm interested in Oracle security.


I've seen the Oracle alerts on the oracle website. A lot of the highly
critical advisories are about database server itself or the underlying
operating system command execution.



I'm actually looking about securing an application where :


- I cannot trust in the Oracle Database server (the listener could be

replaced by a malicious program).


- The clients applications needs to be secure. The clients connects the

database using SQL*Net. Clients are binaries linked : libwtc8.sl,
libnjni8.sl


libwtc8.sl,libclntsh.sl.8.0



I haven't seen in the oracle risk matrix the case where a malicious
listener could exploit a buffer overflow in oracle client libraries.



Do you know about this risk ? Has Oracle released some advisories about
that ?



-- 
David ROBERT
http://www.ombrepixel.com/drobert/


Received on Fri Jun 24 2005 - 07:04:02 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US