<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Penetration Testing: Re: [PEN-TEST] Oracle

Re: [PEN-TEST] Oracle

From: Simon Waters <Simon_at_wretched.demon.co.uk>
Date: Mon, 5 Feb 2001 21:18:11 +0000

One general Oracle networking hole that I spotted the other day in the
patch database was to stop unpassword protected listeners having their
log file redirected at unsuspecting files owned by the Oracle user.

Thus if no password on the listener, anyone could request it to write
it's log over any file owned by the appropriate user.

That said I found lots of issues like this with Net8 before I discovered
how to lock down Oracle networking. I doubt many people have these all
lovingly locked down as the expertise on the topic was surprising
scarce, especially Oracle nameserver, I learnt it for the project and
have conveniently forgotten as much as possible.
Received on Feb 05 2001

This message: [ Message body ]
Next message: Beauregard, Claude Q: "Re: [PEN-TEST] Security ????"
Previous message: Osborne-1, Brett: "Re: [PEN-TEST] Security ????"
In reply to: Frazier, Thomas: "Re: [PEN-TEST] Oracle"
Next in thread: James W. Abendschan: "Re: [PEN-TEST] Oracle"
Reply: James W. Abendschan: "Re: [PEN-TEST] Oracle"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos