what you don't know can hurt you
Showing 26 - 50 of 128 RSS Feed

Files from David Litchfield

Email addressdavid at davidlitchfield.com
First Active1999-08-17
Last Active2017-09-14
OracleForensicsPt5.pdf
Posted Aug 11, 2007
Authored by David Litchfield | Site databasesecurity.com

Whitepaper: Oracle Forensics Part 5 - Finding Evidence of Data Theft in the Absence of Auditing.

tags | paper
SHA-256 | 05f964f5538507637f62883278dca0fbb358534be66e7a889e548211d48bc52c
forensics.ppt
Posted Aug 11, 2007
Authored by David Litchfield | Site databasesecurity.com

Dissection of an Oracle Attack in the Absence of Auditing. Presentation slides from Black Hat 2007 as presented by David Litchfield.

tags | paper
SHA-256 | ea0db6b1c967296d75373f0bddcdec3b52590bea40c28dd773a626143ccc0a39
LiveResponse.pdf
Posted May 21, 2007
Authored by David Litchfield | Site databasesecurity.com

Whitepaper: Oracle Forensics Part 4 - What an incident responder should do during a Live Response on a compromised Oracle server.

tags | paper
SHA-256 | 83f0aeb9dd27cf69a8be8e6c4848a9202b04c6d3075694610204fed13acc7d0b
NGSSoftware-OracleCPUAPR2007.pdf
Posted Apr 19, 2007
Authored by David Litchfield | Site databasesecurity.com

Database Security Brief: The Oracle Critical Patch Update for April 2007.

tags | paper
SHA-256 | a465cc3fe3cd6f9d61436789abaa6d3353a89cf58084fac1c54a1b580479ea9a
Investigating-Authentication-Attacks.pdf
Posted Apr 5, 2007
Authored by David Litchfield | Site databasesecurity.com

Whitepaper: Oracle Forensics Part 3 - Isolating Evidence of Attacks Against the Authentication Mechanism.

tags | paper
SHA-256 | 81e72d8d4ad573a25cd1dc2081223589365436cda2fb6120efd95ace839bbc35
Locating-Dropped-Objects.pdf
Posted Apr 5, 2007
Authored by David Litchfield | Site databasesecurity.com

Whitepaper: Oracle Forensics Part 2 - Locating Dropped Objects.

tags | paper
SHA-256 | 4ae3a18f31870f0d43997f9547068790fed32a9e928f6fd5fdfada63b49fbb91
dissecting-the-redo-logs.pdf
Posted Apr 5, 2007
Authored by David Litchfield | Site databasesecurity.com

Whitepaper: Oracle Forensics Part 1 - Dissecting the Redo Logs.

tags | paper
SHA-256 | b03a861dde27c162bf5629855f2f67c101139bb2deae2410b0349885f1615935
cursor-injection.pdf
Posted Feb 28, 2007
Authored by David Litchfield | Site databasesecurity.com

Whitepaper entitled "Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences".

tags | paper, sql injection
SHA-256 | 5e052565e3661c687c0142cb2a857a3b5d8400a27ec65832792185de33fbad3d
ohh-indirect-privilege-escalation.pdf
Posted Jan 30, 2007
Authored by David Litchfield | Site ngssoftware.com

Defeating Virtual Private Databases, a chapter from the Oracle Hacker's Handbook.

tags | paper
SHA-256 | 7cf148e1ab70f4357ff232e00ce6a5f24bef89a12e5de8bc87246be02511702f
ohh-defeating-vpd.pdf
Posted Jan 30, 2007
Authored by David Litchfield | Site ngssoftware.com

Indirect Privilege Escalation, a chapter from the Oracle Hacker's Handbook.

tags | paper
SHA-256 | 7f8124fe32864ca4771a493debdf86f128eba3b844b6479d4bfc1da1fee9ff8a
cursor-snarfing.pdf
Posted Nov 30, 2006
Authored by David Litchfield | Site ngssoftware.com

Whitepaper detailing a potential PL/SQL programming error related to cursors that leads to a new class of vulnerability in Oracle.

tags | paper, code execution, file inclusion
SHA-256 | 8c5057fe16f9b2f304f5725b4b6a9f9f6342e138793b7fb488b2611b317c234a
comparison.pdf
Posted Nov 22, 2006
Authored by David Litchfield | Site ngssoftware.com

Whitepaper entitled "Which is more secure? Oracle vs. Microsoft". This article looks at the number of security flaws in Oracle and Microsoft database offerings.

tags | paper
SHA-256 | 76b1dff89265c886e4fb95a2da210b637f0ae4d28b78e4ee37976c44012de162
NISR02082006I.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple file creation/write/read issues were discovered. The LOTOFILE function and rlt_tracefile_set functions can be used to create and write to files. The SET DEBUG FILE can also be used to create and write to files. All versions are affected.

tags | advisory
advisories | CVE-2006-3859
SHA-256 | 2affd37ddf15299e22b23ffbd647cb2a6e868929770043427f279f0f699124e2
NISR02082006H.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix it was discovered that any user can create a database and thus gain DBA privileges. On Informix public has the connect privilege; thus anyone with a login may connect. Public can also issue the create database command. When the database is created, the user that created the database is made a DBA of that database. A DBA can execute code as the informix user and trivially gain root privileges. Versions affected include 9.40.xC6 and earlier and 10.00.xC2, C1.

tags | advisory, root
advisories | CVE-2006-3861
SHA-256 | 2e55245ad26b576afca508a68372cfda7bb86b7546b1285a8099dff4c166de4f
NISR02082006G.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix it was discovered that an overflow could be triggered in a shared library with the SQLIDEBUG environment variable. This can be triggered to gain root privileges by accessing one of the setuid root binaries such as onmode. Versions affected include 9.40.xC6 and earlier and 10.00.xC2, C1.

tags | advisory, overflow, root
advisories | CVE-2006-3862
SHA-256 | 8955388d97ae74ef45c6d22c01de4a4e9547b265d516e7f9401fb036eba2275d
NISR02082006F.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple arbitrary command execution flaws were found. It is possible to inject arbitrary operating system commands into the SET DEBUG FILE SQL statement and the start_onpload and dbexp procedures. Any commands injected into SET DEBUG FILE will execute with the privileges of the informix user; any command injected into dbexp or start_onpload will execute with the privileges of the logged on user. All versions are affected.

tags | advisory, arbitrary
advisories | CVE-2006-3860
SHA-256 | b5d5e8096254163518ebf4ac4de8efc16ebf88b9ec376fb817120eeb7e23c608
NISR02082006E.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple password exposure flaws were discovered. When a user logs on to an Informix server their cleartext password can be found in a shared memory section. On Windows "everyone" can open the section and read the contents and thus gain access to the passwords for every logged on user. On both Linux and Windows, in the event of a crash the share memory is dumped in a log file which is world readable. All versions are affected.

tags | advisory
systems | linux, windows
advisories | CVE-2006-3858
SHA-256 | 23a0c353bdfb30b80077409ec6689836532d2a232cb2f65d11d7db404804d932
NISR02082006D.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple buffer overflow vulnerabilities were discovered that could be exploited via SQL or the protocol. All versions are affected.

tags | advisory, overflow, vulnerability, protocol
advisories | CVE-2006-3857
SHA-256 | 0a99d3578e49c0e3c76bcb6cfb33a822c4e9a7ee029cbfec611087fff35ff68d
NISR02082006C.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. An attacker can force to the database server to load an arbitrary library and thus execute arbitrary code. The ifx_load_internal SQL function can be used to load an arbitrary library into the address space of the database server process. By placing code in the DllMain() function on Windows or _init() on Linux an attacker can have this code execute automatically when the library is loaded. In conjunction with exploiting other flaws it is possible to remotely create a library over SQL, dump this to the server disk and then load it. All versions are affected.

tags | advisory, arbitrary
systems | linux, windows
advisories | CVE-2006-3855
SHA-256 | cc47bb6ff9a3cd8a1becdf64a6684bcdcfeba23e757986e96fe1cef4419ee8f4
NISR02082006B.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. When IBM released a patch for the overly long username buffer overflow (CVE-2006-3853) it was discovered that the patch introduced a new buffer overflow vulnerability. Versions affected include 9.40.xC7 and xC8, 10.00.xC3 and xC4.

tags | advisory, overflow
advisories | CVE-2006-3853, CVE-2006-3854
SHA-256 | a524b566bd4e626035409bb6612c2602c95367a1df9a5480ca3957f611ef5203
NISR02082006A.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - When an Informix server logs on a user it copies the username to a 260 byte stack based buffer without first verifying its length. An attacker can exploit this by overflowing this buffer to overwrite the saved return address on the stack and thus redirect the process' path of execution to a location of their choosing. Versions 9.40.xC6 and below are affected. Versions 10.00.xC2 and below are affected.

tags | advisory, overflow
advisories | CVE-2006-3853
SHA-256 | 2a9e85aa496c5f0ce698a7b9dce1377ad7751df65f00e4921b3dea642392da04
DatabaseHackersHandbook-AttackingInformix.pdf
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

Informix: Discovery, Attack, and Defense.

tags | paper
SHA-256 | 30d3c198f1a5407dc57ce22ec3acc687151a9106b822a114825a198deff50d61
Oracle-PLSQL.txt
Posted Jan 27, 2006
Authored by David Litchfield

There's a critical flaw in the Oracle PLSQL Gateway, a component of iAS, OAS and the Oracle HTTP Server, that allows attackers to bypass the PLSQLExclusion list and gain access to "excluded" packages and procedures. This can be exploited by an attacker to gain full DBA control of the backend database server through the web server.

tags | advisory, web, sql injection
SHA-256 | 1065f3171e688a6943367c17316c3c189200259c4f1a0d62c3094f4eff89ca02
aix-heap.pdf
Posted Dec 18, 2005
Authored by David Litchfield | Site ngssoftware.com

Whitepaper entitled 'An Introduction To Heap Overflows On AIX 5.3L'.

tags | paper, overflow
systems | aix
SHA-256 | 7fe6d39248e544c8e5b6ebe39fa4a017668634c3582f64b4ab78f3a53fbf39b8
db-sec-tokens.pdf
Posted Nov 20, 2005
Authored by David Litchfield | Site ngssoftware.com

"Snagging Security Tokens to Elevate Privileges" is a brief that details how a database server running as a low privileged user on Windows can still provide an attacker with the ability to gain elevated privileges on the network and suggests a change in security policy to mitigate the risk. As a side note, this affects all network servers that offer OS based authentication - not just database servers.

tags | paper
systems | windows
SHA-256 | ddf0367b0ae123b501921160d18f52c089a3c85c8d21251937bf98c7eee6c567
Page 2 of 6
Back12345Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close