Home page logo
/

bugtraq logo Bugtraq mailing list archives

AW: Silently fixed security bugs in Oracle Critical Patch Update July 2005
From: "Kornbrust, Alexander" <ak () red-database-security com>
Date: Fri, 15 Jul 2005 19:37:03 +0200

Hi David and all,

You are right. 

Bug 2576249 (DAV_PUBLIC) was discovered by the Litchfield brothers and is already fixed with Alert 52. 

Correct me if I'm wrong, but I am not aware that the other bugs (Memory leak, webcache SSL 40bit encryption, 
oraaltpassword ...) are already covered by another Oracle security alert.

Cheers

 Alexander Kornbrust

 Red-Database-Security GmbH
 http://www.red-database-security.com



-----Urspr√ľngliche Nachricht-----
Von: David Litchfield [mailto:davidl () ngssoftware com] 
Gesendet: Freitag, 15. Juli 2005 19:17
An: Kornbrust, Alexander; bugtraq () securityfocus com
Betreff: Re: Silently fixed security bugs in Oracle Critical Patch Update July 2005

Hi Alex and all,

After reading the patch documentation and some tests with the CPU July 
2005 I found out that Oracle fixed some security bugs silently without 
mention these bugs in their current risk matrix.

Detailed information about most of these bugs are not available via 
Metalink but in many cases the description is sufficient for a malicious 
attacker
(e.g. "/DAV_PUBLIC IS NOT PROTECTED BY DEFAULT ENABLING MALITIOUS USER TO 
FILL IT UP")

For Mod_Oradav 9.0.2.3:
2576249 - /DAV_PUBLIC IS NOT PROTECTED BY DEFAULT ENABLING MALITIOUS USER 
TO FILL IT UP
2544464 - ORAALTPASSWORD SHOULD BE ENCRYPTED AND NOT JUST OBFUSCATED

I don't think this one was silently fixed - see 
http://www.securitytracker.com/alerts/2003/Feb/1006098.html

Cheers,
David Litchfield
NGSSoftware Ltd
http://www.ngssoftware.com/


  By Date           By Thread  

Current thread:
  • AW: Silently fixed security bugs in Oracle Critical Patch Update July 2005 Kornbrust, Alexander (Jul 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]