Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Client side vulnerabilities (Buffer Overflow)
Hello,
I'm interested in Oracle security.
I've seen the Oracle alerts on the oracle website. A lot of the highly
critical advisories are about database server itself or the underlying
operating system command execution.
I'm actually looking about securing an application where :
- I cannot trust in the Oracle Database server (the listener could be
replaced by a malicious program).
- The clients applications needs to be secure. The clients connects the
database using SQL*Net. Clients are binaries linked : libwtc8.sl,
libnjni8.sl
libwtc8.sl,libclntsh.sl.8.0
I haven't seen in the oracle risk matrix the case where a malicious listener could exploit a buffer overflow in oracle client libraries.
Do you know about this risk ? Has Oracle released some advisories about that ?
-- David ROBERT http://www.ombrepixel.com/drobert/Received on Fri Jun 24 2005 - 07:04:02 CDT