From: Kevin L. Poulsen (klpsecurityfocus.com)
Date: Wed Jan 16 2002 - 12:12:22 CST
A U.K. security expert is preparing to unveil a trove of serious
vulnerabilities in Oracle's database products. Can the company redefine
'unbreakable' in time?
By Kevin Poulsen
Jan 16 2002 1:26AM PT
Making matters worse for Oracle, it turns out that those holes were little
more than a prelude to a suite of at least seven vulnerabilities currently
in the company's patch pipeline -- all of them discovered by Litchfield last
fall. Assuming fixes are available in time, Litchfield plans to present the
holes at a security conference in early February, including details of
serious bugs that allow attackers to both "break it" and "break in."
"They range from buffer overflows, to something in the way Oracle
communicates with different components," says Litchfield, lead designer and
developer at NGSSoftware. "We can actually interject ourselves in between
that communications process and run commands as SYSTEM on Windows NT or
2000. If it's running on a Unix system, we can run commands as the Oracle
remotely... So it's obviously very serious."