Re: Various Buffer Overflows in Oracle 10g Tools

From: David Litchfield (davidl_at_ngssoftware.com)
Date: 01/22/05

Next message: Luke Macken: "[ GLSA 200501-29 ] Mailman: Cross-site scripting vulnerability"

Previous message: The Dark Tangent: "Call for DEFCON Capture the Flag Organizers."
In reply to: Joxean Koret: "Various Buffer Overflows in Oracle 10g Tools"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Joxean Koret" <joxeankoret@yahoo.es>, "Security Tracker" <bugs@securitytracker.com>, "Secunia" <vuln@secunia.com>, <bugtraq@securityfocus.com>, <siaaypee@euskalnet.net>
Date: Sat, 22 Jan 2005 01:55:35 -0000

Hi Jose,
I'm away from my linux box at the moment; are any of these tools
setuid/setgid? I'm trying to ascertain the risk posed. If none of these
overflows present a privilege escalation opportunity then there is no risk
posed. If these tools are setuid/setgid then, needless to say there is a
risk.
Cheers,
David Litchfield

----- Original Message -----
From: "Joxean Koret" <joxeankoret@yahoo.es>
To: "Security Tracker" <bugs@securitytracker.com>; "Secunia"
<vuln@secunia.com>; <bugtraq@securityfocus.com>; <siaaypee@euskalnet.net>
Sent: Thursday, January 20, 2005 10:04 PM
Subject: Various Buffer Overflows in Oracle 10g Tools

Next message: Luke Macken: "[ GLSA 200501-29 ] Mailman: Cross-site scripting vulnerability"

Previous message: The Dark Tangent: "Call for DEFCON Capture the Flag Organizers."
In reply to: Joxean Koret: "Various Buffer Overflows in Oracle 10g Tools"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]