middleware corba vulnerabilities:do they exist?

From: william fitzgerald (williamf_at_cs.may.ie)
Date: 08/07/03

  • Next message: Rafael Anschau: "Re: Some help With BOF Exploits Writing."
    Date: Thu, 07 Aug 2003 14:25:42 +0000 (gmt)
    To: vuln-dev@securityfocus.com

    Hi all,

    I am not sure what forum I should have posted this on so if you know let me
    know for next time.

    I have been researching corba and corba security as a hobbie recently. Corba
    security seems to be solid from the omg corba security services 1.8 manual (only
    got through half of that spec so far).

    does corba have any security flaws that could be improved or are worth a research

    there must be ways to upset corba security services either intentionaly or unintentionaly.
    it seems to be heavily governed on policies. is the a vulnerability here?

    what about other middleware technologies such as ejb? are there security issues

    or do security issues arise when using both ejb and corba together?

    any information relating to corba security is welcomed. the omg specification
    wont highlight any existing security exploits for obvious reasons.

    I done a google seearch for "corba security vulnerabilites" but no security
    problems were returned.

    Kind regards,

    Mr. William Fitzgerald (MSc,BSc)
    Ericsson Systems Expertise Ltd.,
    Radio House, Beech Hill,
    Dublin 4.
    ph: 087 95 27 083

  • Next message: Rafael Anschau: "Re: Some help With BOF Exploits Writing."

    Relevant Pages