Whitepaper: Oracle Forensics Part 5 - Finding Evidence of Data Theft in the Absence of Auditing.
05f964f5538507637f62883278dca0fbb358534be66e7a889e548211d48bc52cDissection of an Oracle Attack in the Absence of Auditing. Presentation slides from Black Hat 2007 as presented by David Litchfield.
ea0db6b1c967296d75373f0bddcdec3b52590bea40c28dd773a626143ccc0a39Whitepaper: Oracle Forensics Part 4 - What an incident responder should do during a Live Response on a compromised Oracle server.
83f0aeb9dd27cf69a8be8e6c4848a9202b04c6d3075694610204fed13acc7d0bDatabase Security Brief: The Oracle Critical Patch Update for April 2007.
a465cc3fe3cd6f9d61436789abaa6d3353a89cf58084fac1c54a1b580479ea9aWhitepaper: Oracle Forensics Part 3 - Isolating Evidence of Attacks Against the Authentication Mechanism.
81e72d8d4ad573a25cd1dc2081223589365436cda2fb6120efd95ace839bbc35Whitepaper: Oracle Forensics Part 2 - Locating Dropped Objects.
4ae3a18f31870f0d43997f9547068790fed32a9e928f6fd5fdfada63b49fbb91Whitepaper: Oracle Forensics Part 1 - Dissecting the Redo Logs.
b03a861dde27c162bf5629855f2f67c101139bb2deae2410b0349885f1615935Whitepaper entitled "Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences".
5e052565e3661c687c0142cb2a857a3b5d8400a27ec65832792185de33fbad3dDefeating Virtual Private Databases, a chapter from the Oracle Hacker's Handbook.
7cf148e1ab70f4357ff232e00ce6a5f24bef89a12e5de8bc87246be02511702fIndirect Privilege Escalation, a chapter from the Oracle Hacker's Handbook.
7f8124fe32864ca4771a493debdf86f128eba3b844b6479d4bfc1da1fee9ff8aWhitepaper detailing a potential PL/SQL programming error related to cursors that leads to a new class of vulnerability in Oracle.
8c5057fe16f9b2f304f5725b4b6a9f9f6342e138793b7fb488b2611b317c234aWhitepaper entitled "Which is more secure? Oracle vs. Microsoft". This article looks at the number of security flaws in Oracle and Microsoft database offerings.
76b1dff89265c886e4fb95a2da210b637f0ae4d28b78e4ee37976c44012de162NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple file creation/write/read issues were discovered. The LOTOFILE function and rlt_tracefile_set functions can be used to create and write to files. The SET DEBUG FILE can also be used to create and write to files. All versions are affected.
2affd37ddf15299e22b23ffbd647cb2a6e868929770043427f279f0f699124e2NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix it was discovered that any user can create a database and thus gain DBA privileges. On Informix public has the connect privilege; thus anyone with a login may connect. Public can also issue the create database command. When the database is created, the user that created the database is made a DBA of that database. A DBA can execute code as the informix user and trivially gain root privileges. Versions affected include 9.40.xC6 and earlier and 10.00.xC2, C1.
2e55245ad26b576afca508a68372cfda7bb86b7546b1285a8099dff4c166de4fNGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix it was discovered that an overflow could be triggered in a shared library with the SQLIDEBUG environment variable. This can be triggered to gain root privileges by accessing one of the setuid root binaries such as onmode. Versions affected include 9.40.xC6 and earlier and 10.00.xC2, C1.
8955388d97ae74ef45c6d22c01de4a4e9547b265d516e7f9401fb036eba2275dNGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple arbitrary command execution flaws were found. It is possible to inject arbitrary operating system commands into the SET DEBUG FILE SQL statement and the start_onpload and dbexp procedures. Any commands injected into SET DEBUG FILE will execute with the privileges of the informix user; any command injected into dbexp or start_onpload will execute with the privileges of the logged on user. All versions are affected.
b5d5e8096254163518ebf4ac4de8efc16ebf88b9ec376fb817120eeb7e23c608NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple password exposure flaws were discovered. When a user logs on to an Informix server their cleartext password can be found in a shared memory section. On Windows "everyone" can open the section and read the contents and thus gain access to the passwords for every logged on user. On both Linux and Windows, in the event of a crash the share memory is dumped in a log file which is world readable. All versions are affected.
23a0c353bdfb30b80077409ec6689836532d2a232cb2f65d11d7db404804d932NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple buffer overflow vulnerabilities were discovered that could be exploited via SQL or the protocol. All versions are affected.
0a99d3578e49c0e3c76bcb6cfb33a822c4e9a7ee029cbfec611087fff35ff68dNGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. An attacker can force to the database server to load an arbitrary library and thus execute arbitrary code. The ifx_load_internal SQL function can be used to load an arbitrary library into the address space of the database server process. By placing code in the DllMain() function on Windows or _init() on Linux an attacker can have this code execute automatically when the library is loaded. In conjunction with exploiting other flaws it is possible to remotely create a library over SQL, dump this to the server disk and then load it. All versions are affected.
cc47bb6ff9a3cd8a1becdf64a6684bcdcfeba23e757986e96fe1cef4419ee8f4NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. When IBM released a patch for the overly long username buffer overflow (CVE-2006-3853) it was discovered that the patch introduced a new buffer overflow vulnerability. Versions affected include 9.40.xC7 and xC8, 10.00.xC3 and xC4.
a524b566bd4e626035409bb6612c2602c95367a1df9a5480ca3957f611ef5203NGSSoftware Insight Security Research Advisory - When an Informix server logs on a user it copies the username to a 260 byte stack based buffer without first verifying its length. An attacker can exploit this by overflowing this buffer to overwrite the saved return address on the stack and thus redirect the process' path of execution to a location of their choosing. Versions 9.40.xC6 and below are affected. Versions 10.00.xC2 and below are affected.
2a9e85aa496c5f0ce698a7b9dce1377ad7751df65f00e4921b3dea642392da04Informix: Discovery, Attack, and Defense.
30d3c198f1a5407dc57ce22ec3acc687151a9106b822a114825a198deff50d61There's a critical flaw in the Oracle PLSQL Gateway, a component of iAS, OAS and the Oracle HTTP Server, that allows attackers to bypass the PLSQLExclusion list and gain access to "excluded" packages and procedures. This can be exploited by an attacker to gain full DBA control of the backend database server through the web server.
1065f3171e688a6943367c17316c3c189200259c4f1a0d62c3094f4eff89ca02Whitepaper entitled 'An Introduction To Heap Overflows On AIX 5.3L'.
7fe6d39248e544c8e5b6ebe39fa4a017668634c3582f64b4ab78f3a53fbf39b8"Snagging Security Tokens to Elevate Privileges" is a brief that details how a database server running as a low privileged user on Windows can still provide an attacker with the ability to gain elevated privileges on the network and suggests a change in security policy to mitigate the risk. As a side note, this affects all network servers that offer OS based authentication - not just database servers.
ddf0367b0ae123b501921160d18f52c089a3c85c8d21251937bf98c7eee6c567
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed