[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Various Buffer Overflows in Oracle 10g Tools

To: "Joxean Koret" <joxeankoret@xxxxxxxx>, "Security Tracker" <bugs@xxxxxxxxxxxxxxxxxxx>, "Secunia" <vuln@xxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>, <siaaypee@xxxxxxxxxxxxx>
Subject: Re: Various Buffer Overflows in Oracle 10g Tools
From: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>
Date: Sat, 22 Jan 2005 01:55:35 -0000

Hi Jose, I'm away from my linux box at the moment; are any of these tools setuid/setgid? I'm trying to ascertain the risk posed. If none of these overflows present a privilege escalation opportunity then there is no risk posed. If these tools are setuid/setgid then, needless to say there is a risk. Cheers, David Litchfield

----- Original Message ----- From: "Joxean Koret" <joxeankoret@xxxxxxxx> To: "Security Tracker" <bugs@xxxxxxxxxxxxxxxxxxx>; "Secunia" <vuln@xxxxxxxxxxx>; <bugtraq@xxxxxxxxxxxxxxxxx>; <siaaypee@xxxxxxxxxxxxx> Sent: Thursday, January 20, 2005 10:04 PM Subject: Various Buffer Overflows in Oracle 10g Tools

References:
- Various Buffer Overflows in Oracle 10g Tools
  - From: Joxean Koret

Prev by Date: Call for DEFCON Capture the Flag Organizers.
Next by Date: [ GLSA 200501-29 ] Mailman: Cross-site scripting vulnerability
Previous by thread: Various Buffer Overflows in Oracle 10g Tools
Next by thread: bug report comersus Back Office Lite 6.0 and 6.0.1
Index(es):
- Date
- Thread