Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[Argeniss] Practical 10 minutes security audit: Oracle Case (Paper)
From: Cesar <cesarc56 () yahoo com>
Date: Fri, 9 Mar 2007 17:05:24 -0800 (PST)

Hi.

Abstract:
This paper will show a extremely simple technique to
quickly audit a software product in order
to infer how trustable and secure it is. I will show
you step by step how to identify half dozen
of local 0day vulnerabilities in few minutes just
making a couple of clicks on very easy to use
free tools, then for the technical guys enjoyment the
vulnerabilities will be easily pointed out
on disassembled code and detailed, finally a 0day
exploit for one of the vulnerabilities will be
demonstrated.
While this technique can be applied to any software in
this case I will take a look at the latest
version of Oracle Database Server: 10gR2 for Windows,
which is a extremely secure product
so it will be a very difficult challenge to find
vulnerabilities since Oracle is using advanced next
generation tools to identify and fix vulnerabilities

http://www.argeniss.com/research/10MinSecAudit.zip
(PoC exploit included)

Thanks.

Cesar.



 
____________________________________________________________________________________
Need Mail bonding?
Go to the Yahoo! Mail Q&A for great tips from Yahoo! Answers users.
http://answers.yahoo.com/dir/?link=list&sid=396546091

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [Argeniss] Practical 10 minutes security audit: Oracle Case (Paper) Cesar (Mar 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]