mailing list archives
Re: Recent Oracle exploit is _actually_ an 0day with no patch
From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 27 Apr 2006 18:54:12 -0400 (EDT)
The recent Oracle exploit posted to Bugtraq
(http://www.securityfocus.com/archive/1/431353) is actually an 0day
and has no patch.
The referenced exploit seems to use GET_DOMAIN_INDEX_METADATA with a
TYPE_NAME that references an attacker-defined package with a
(modified?) ODCIIndexGetMeta function.
Your last example uses GET_V2_DOMAIN_INDEX_TABLES, with arguments that
reference an attacker-defined package with a (modified?)
Is this a surface-level discrepancy, or is your vector substantively
different than the one in the exploit? If these are different, then
is it possible that last week's exploit was actually fixed?
P.S. For those of you who are paying attention at this excruciating
level of detail, it seems that David's original use of
GET_DOMAIN_INDEX_METADATA in 2004 directly included the code in the
NEWBLOCK argument, whereas last week's exploit was performed through
an indirect reference to the code in the TYPE_NAME argument.