Open Source and information security mailing list archives
 
Message-ID: <Pine.LNX.4.64.0902200318120.22068@forced.attrition.org>
Date: Fri, 20 Feb 2009 03:21:14 +0000 (UTC)
From: security curmudgeon <jericho@...rition.org>
To: Bugtraq <bugtraq@...urityfocus.com>
Cc: secalert_us@...cle.com
Subject: Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow
 in SYS.OLAPIMPL_T.ODCITABLESTART



: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
: Risk Level: High

: Oracle Database Server provides the SYS.OLAPIMPL_T package. This package 
: contains the procedure ODCITABLESTART which is vulnerable to buffer 
: overflow attacks. Impact: By default SYS.OLAPIMPL_T has EXECUTE 
: permission to PUBLIC so any Oracle database user can exploit this 
: vulnerability. Exploitation of this vulnerability allows an attacker to 
: execute arbitrary code. It can also be exploited to cause DoS (Denial of 
: service) killing the Oracle server process.
: 
: CVE: CVE-2008-3974

: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

Oracle:

Confidentiality: None
Integrity: None
Availability: Partial
CVSS: 4.0

That doesn't seem to go with a remote overflow / code execution 
vulnerability.
