Showing 26 - 50 of 128

Files from David Litchfield

Email address: david at davidlitchfield.com
First Active: 1999-08-17
Last Active: 2017-09-14
OracleForensicsPt5.pdf
Posted Aug 11, 2007
Authored by David Litchfield | Site databasesecurity.com

Whitepaper: Oracle Forensics Part 5 - Finding Evidence of Data Theft in the Absence of Auditing.

tags | paper
MD5 | f9c4c5af0c0bea22e2f5edd36f43c604
forensics.ppt
Posted Aug 11, 2007
Authored by David Litchfield | Site databasesecurity.com

Dissection of an Oracle Attack in the Absence of Auditing. Presentation slides from Black Hat 2007 as presented by David Litchfield.

tags | paper
MD5 | e225252d82c76279d7942bb0a47624dc
LiveResponse.pdf
Posted May 21, 2007
Authored by David Litchfield | Site databasesecurity.com

Whitepaper: Oracle Forensics Part 4 - What an incident responder should do during a Live Response on a compromised Oracle server.

tags | paper
MD5 | 7eccdc9df70ccf0c0128e03e09ffc4b1
NGSSoftware-OracleCPUAPR2007.pdf
Posted Apr 19, 2007
Authored by David Litchfield | Site databasesecurity.com

Database Security Brief: The Oracle Critical Patch Update for April 2007.

tags | paper
MD5 | f22e5f3f5b28ed56e2ff7f780db7f44c
Investigating-Authentication-Attacks.pdf
Posted Apr 5, 2007
Authored by David Litchfield | Site databasesecurity.com

Whitepaper: Oracle Forensics Part 3 - Isolating Evidence of Attacks Against the Authentication Mechanism.

tags | paper
MD5 | 4a40d448619ec26b11e06132405bb58c
Locating-Dropped-Objects.pdf
Posted Apr 5, 2007
Authored by David Litchfield | Site databasesecurity.com

Whitepaper: Oracle Forensics Part 2 - Locating Dropped Objects.

tags | paper
MD5 | b2c41da7e226ea40818922c9c575d17c
dissecting-the-redo-logs.pdf
Posted Apr 5, 2007
Authored by David Litchfield | Site databasesecurity.com

Whitepaper: Oracle Forensics Part 1 - Dissecting the Redo Logs.

tags | paper
MD5 | 3da7d1d3806509abe2ca52b89e3e3006
cursor-injection.pdf
Posted Feb 28, 2007
Authored by David Litchfield | Site databasesecurity.com

Whitepaper entitled "Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences".

tags | paper, sql injection
MD5 | 362a8bc28de4284e293f55c47059f518
ohh-indirect-privilege-escalation.pdf
Posted Jan 30, 2007
Authored by David Litchfield | Site ngssoftware.com

Defeating Virtual Private Databases, a chapter from the Oracle Hacker's Handbook.

tags | paper
MD5 | b3c9459470580aece5ec02534708d917
ohh-defeating-vpd.pdf
Posted Jan 30, 2007
Authored by David Litchfield | Site ngssoftware.com

Indirect Privilege Escalation, a chapter from the Oracle Hacker's Handbook.

tags | paper
MD5 | 5346915d186c78932798fb0f283ea09c
cursor-snarfing.pdf
Posted Nov 30, 2006
Authored by David Litchfield | Site ngssoftware.com

Whitepaper detailing a potential PL/SQL programming error related to cursors that leads to a new class of vulnerability in Oracle.

tags | paper, code execution, file inclusion
MD5 | 8533bb5f8149f4b843e9216172129966
comparison.pdf
Posted Nov 22, 2006
Authored by David Litchfield | Site ngssoftware.com

Whitepaper entitled "Which is more secure? Oracle vs. Microsoft". This article looks at the number of security flaws in Oracle and Microsoft database offerings.

tags | paper
MD5 | 9dccc7de3a92b181a9683759b66dabce
NISR02082006I.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix, multiple file creation/write/read issues were discovered. The LOTOFILE and rlt_tracefile_set functions can be used to create and write to files. The SET DEBUG FILE statement can also be used to create and write to files. All versions are affected.

tags | advisory
advisories | CVE-2006-3859
MD5 | 08bb6092c587cd407c6e7391d131de93
NISR02082006H.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix it was discovered that any user can create a database and thus gain DBA privileges. On Informix public has the connect privilege; thus anyone with a login may connect. Public can also issue the create database command. When the database is created, the user that created the database is made a DBA of that database. A DBA can execute code as the informix user and trivially gain root privileges. Versions affected include 9.40.xC6 and earlier and 10.00.xC2, C1.

tags | advisory, root
advisories | CVE-2006-3861
MD5 | a9a996c792c7d57a32ccd09ac3c50373
NISR02082006G.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix it was discovered that an overflow could be triggered in a shared library with the SQLIDEBUG environment variable. This can be triggered to gain root privileges by accessing one of the setuid root binaries such as onmode. Versions affected include 9.40.xC6 and earlier and 10.00.xC2, C1.

tags | advisory, overflow, root
advisories | CVE-2006-3862
MD5 | 7f64285bcca453df2f6588f93dc4db6e
NISR02082006F.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple arbitrary command execution flaws were found. It is possible to inject arbitrary operating system commands into the SET DEBUG FILE SQL statement and the start_onpload and dbexp procedures. Any commands injected into SET DEBUG FILE will execute with the privileges of the informix user; any command injected into dbexp or start_onpload will execute with the privileges of the logged on user. All versions are affected.

tags | advisory, arbitrary
advisories | CVE-2006-3860
MD5 | 74ea9745c14f2d2c36c2c7fb96ee99a4
NISR02082006E.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix, multiple password exposure flaws were discovered. When a user logs on to an Informix server, their cleartext password can be found in a shared memory section. On Windows, "everyone" can open the section and read the contents and thus gain access to the passwords for every logged-on user. On both Linux and Windows, in the event of a crash the shared memory is dumped in a log file which is world readable. All versions are affected.

tags | advisory
systems | linux, windows
advisories | CVE-2006-3858
MD5 | a61d36800c1b28ff381005ac203e1e33
NISR02082006D.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple buffer overflow vulnerabilities were discovered that could be exploited via SQL or the protocol. All versions are affected.

tags | advisory, overflow, vulnerability, protocol
advisories | CVE-2006-3857
MD5 | 8875427912f012a55b6338d61b48cb0d
NISR02082006C.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. An attacker can force the database server to load an arbitrary library and thus execute arbitrary code. The ifx_load_internal SQL function can be used to load an arbitrary library into the address space of the database server process. By placing code in the DllMain() function on Windows or _init() on Linux, an attacker can have this code execute automatically when the library is loaded. In conjunction with exploiting other flaws, it is possible to remotely create a library over SQL, dump this to the server disk and then load it. All versions are affected.

tags | advisory, arbitrary
systems | linux, windows
advisories | CVE-2006-3855
MD5 | b8d173ad4c04f94ba83b3cd3ce98f140
NISR02082006B.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. When IBM released a patch for the overly long username buffer overflow (CVE-2006-3853) it was discovered that the patch introduced a new buffer overflow vulnerability. Versions affected include 9.40.xC7 and xC8, 10.00.xC3 and xC4.

tags | advisory, overflow
advisories | CVE-2006-3853, CVE-2006-3854
MD5 | 0d741bc614c48dd1b99de79937d95136
NISR02082006A.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - When an Informix server logs on a user it copies the username to a 260 byte stack based buffer without first verifying its length. An attacker can exploit this by overflowing this buffer to overwrite the saved return address on the stack and thus redirect the process' path of execution to a location of their choosing. Versions 9.40.xC6 and below are affected. Versions 10.00.xC2 and below are affected.

tags | advisory, overflow
advisories | CVE-2006-3853
MD5 | 2a1610a31726c9d9726e8f05d201102c
DatabaseHackersHandbook-AttackingInformix.pdf
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

Informix: Discovery, Attack, and Defense.

tags | paper
MD5 | 8016df3d3d2c0d5685ba2c6954434a94
Oracle-PLSQL.txt
Posted Jan 27, 2006
Authored by David Litchfield

There's a critical flaw in the Oracle PLSQL Gateway, a component of iAS, OAS and the Oracle HTTP Server, that allows attackers to bypass the PLSQLExclusion list and gain access to "excluded" packages and procedures. This can be exploited by an attacker to gain full DBA control of the backend database server through the web server.

tags | advisory, web, sql injection
MD5 | c98b2982b727c9652f43201b8c1b456e
aix-heap.pdf
Posted Dec 18, 2005
Authored by David Litchfield | Site ngssoftware.com

Whitepaper entitled 'An Introduction To Heap Overflows On AIX 5.3L'.

tags | paper, overflow
systems | aix
MD5 | bcf9344092dd57cbf7b7b2315c717e60
db-sec-tokens.pdf
Posted Nov 20, 2005
Authored by David Litchfield | Site ngssoftware.com

"Snagging Security Tokens to Elevate Privileges" is a brief that details how a database server running as a low privileged user on Windows can still provide an attacker with the ability to gain elevated privileges on the network and suggests a change in security policy to mitigate the risk. As a side note, this affects all network servers that offer OS based authentication - not just database servers.

tags | paper
systems | windows
MD5 | 9ab46ff12aa432a760ccd2acf8a0089e