lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: jdyson at bugtraq.org (Jay D. Dyson)
Subject: Re: [VulnWatch] Heap Overflow in Oracle 9iAS / 10g Application Server Web Cache

Quick question - from your advisory . . .

On Thu, Apr 08, 2004 at 02:48:43PM +0200, Ioannis Migadakis wrote:
>      Platform: All Oracle supported platforms - 
>                Sun Solaris
>                HP/UX
>                HP Tru64
>                IBM AIX
>                Linux
>                Windows
>      Severity: Critical - Remote Code Execution
>      Category: Heap Overflow 
>  Exploitation: Remote
> 
bracket dot dot dot bracket
> 77FCBF00   MOV DWORD PTR DS:[ESI], ECX
> 77FCBF02   MOV DWORD PTR DS:[ECX+4], ESI
> 
> 
> ECX and ESI are overwritten with the attacker supplied values. By 
> controlling the values of the registers ECX and ESI, it is possible to 
> write an arbitrary dword to any address. It all comes to the WHERE - 
> WHAT situation described in many security related documents. Also the
> buffer is quite large - Oracle9iAS Web Cache uses 4 KB for the HTTP 
> headers as default buffer size. Using different variations of the exploit 
> technique it is possible to overwrite different CPU registers.
> 

Have you attempted to verify exploitability on anything other than windows?

. . . or, are the other architectures just listed as vulnerable to hype up
your ego?

-- 
- -Jay

   (    (                                                        _______
   ))   ))   .-"There's always time for a good cup of coffee"-.   >====<--.
 C|~~|C|~~| (>------ Jay D. Dyson -- jdyson@...traq.org ------<) |    = |-'
  `--' `--'  `-------- Si latinam satis simiis doces, --------'  `------'
              `--- quandoque unus aliquid profundum dicet ---'
	  


Powered by blists - more mailing lists