
Home -> Community -> Usenet -> c.d.o.server -> Re: redirect listener log

Re: redirect listener log

From: Frank van Bortel <frank.van.bortel_at_gmail.com>
Date: Mon, 21 Aug 2006 22:16:07 +0200
Message-ID: <ecd419$sua$2@news3.zwoll1.ov.home.nl>


astalavista wrote:

>> You hear the bell ring, but do not know
>> where it hangs (or similar, I try to transform a
>> Dutch saying here).
>> It's about redirecting the traffic, and inserting TCP/IP
>> packets when a logon is ongoing.
>>
>> Patched in the January CPU, René Nyffenegger and Pete
>> Finnigan wrote about it. Here's René's article:
>> http://www.adp-gmbh.ch/blog/2006/01/24.php, for
>> completeness, here's Pete's: 
>> http://www.petefinnigan.com/weblog/archives/00000699.htm
>> -- 

> This is what I read (from Arup Nanda)
>
> Log File Redirection
> One of the breaches comes from the exploit available in the listener
> code, in which case a hacker might change the log directory to something
> other than the default, and then use that to gain valuable information about
> the listener, the services, the database, and so on. In a more serious
> exploit, the hacker might direct certain commands to be placed in the trace
> files that create a user and grant it a DBA role. These commands are then
> placed in the glogin.sql file, which is executed automatically every time
> someone on the server connects to the database using SQL*Plus. When the DBA
> logs in, the code is also executed, which creates this Trojan horse user. To
> prevent such an exploit, you should place a password on the listener. When
> the user tries to modify these values, the correct password must be
> specified. If the wrong password is supplied, the user gets a TNS-1190
> error, which also goes to the log file. Here are two sample entries in the
> log file, when an incorrect password was issued:
>
>
>

In both cases, the cracker has access to your machine.

-- 
Regards,
Frank van Bortel

Top-posting is one way to shut me up...
Received on Mon Aug 21 2006 - 15:16:07 CDT
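
The quoted passage says a rejected listener command leaves a TNS-1190 error in the listener log. The following is an added example, not code from this thread or from the quoted article, that scans a listener log for rejected commands and for successful changes to the log or trace location. The entry layout, the sample lines, hosts and users are constructed assumptions.

```python
import re

# Listener parameters whose change relocates log or trace output.
REDIRECT_PARAMS = {"log_file", "log_directory", "trc_file", "trc_directory"}

# Assumed entry layout: TIMESTAMP * (CONNECT_DATA=...) * command * return-code
ENTRY = re.compile(
    r"^(?P<ts>\d{2}-[A-Z]{3}-\d{4} \d{2}:\d{2}:\d{2}) \* "
    r"(?P<data>\(CONNECT_DATA=.*\)) \* (?P<cmd>\w+) \* (?P<rc>\d+)\s*$"
)

# Constructed sample entries (hosts, users and times are made up).
SAMPLE_LOG = """\
21-AUG-2006 14:02:11 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=db01.example.com)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=168821760)) * status * 0
21-AUG-2006 14:03:02 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=ws17.example.com)(USER=guest))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.17)(PORT=40112)) * establish * orcl * 0
21-AUG-2006 14:05:40 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=ws17.example.com)(USER=guest))(COMMAND=log_directory)(ARGUMENTS=4)(SERVICE=LISTENER)(VERSION=168821760)) * log_directory * 1190
TNS-01190: The user is not authorized to execute the requested listener command
21-AUG-2006 14:09:13 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=ws17.example.com)(USER=guest))(COMMAND=log_file)(ARGUMENTS=4)(SERVICE=LISTENER)(VERSION=168821760)) * log_file * 0
"""

def field(data, name):
    """Return the value of (NAME=value) in the connect data, or ''."""
    m = re.search(r"\(%s=([^()]*)\)" % re.escape(name), data)
    return m.group(1) if m else ""

def scan(log_text):
    """Return findings for rejected commands and log/trace redirections."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # TNS-01190 text lines, client connects, banners
        cmd, rc = m.group("cmd").lower(), int(m.group("rc"))
        if rc == 1190:
            reason = "rejected"      # wrong or missing listener password
        elif rc == 0 and cmd in REDIRECT_PARAMS:
            reason = "redirected"    # log/trace location actually changed
        else:
            continue
        findings.append({"time": m.group("ts"), "command": cmd, "reason": reason,
                         "host": field(m.group("data"), "HOST"),
                         "user": field(m.group("data"), "USER")})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

A "redirected" finding on a listener that is supposed to be password protected deserves more attention than a "rejected" one, since it means the change went through.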
