[Previous entry: "New paper: Cursor injection - attacking Oracle with just CREATE SESSION"] [Next entry: "Oracle exploits available"]
New and Improved Oracle Exploits Coming at Black Hat
March 3rd, 2007 by Pete
Post to del.icio.us
Post to Furl
"New and Improved Oracle Exploits Coming at Black Hat" - by Lisa Vaas,
"Oracle's slated to be the whipping boy in two Oracle-specific Black Hat briefings and will be among the clump of databases faulted in one general database communication protocol weakness briefing. Expect at least one zero-day exploit and an entirely new class of attack technique, all with Oracle in their crosshairs.
Oracle's up for being a whipping-boy at Black Hat 2007 Washington, Feb. 28-March 1, with two briefings dedicated to Oracle security and/or insecurity."
Sorry I got Lisa's request for comment late on BH and also Davids paper but this is because our son has not been well for the last week and a half - he is getting better now. Lisa commented that I thought David's hack was cool but the detail of why was not reflected well in my post. The bit I thought was cool was the fact that you can pre-compile any valid cursor as any user who has only CREATE SESSION and then inject this precompiled cursor into a vulnerable PL/SQL package/function, i.e. taking advantage of cursor snarfing / injection / dangling issues. This makes previously minor SQL Injection bugs found much more useful to a hacker.
I have not seen the presentations from Cesar and David but as far as I know Cesar was talking about using simple free tools such as sysinternals process explorer to find bugs in software such as Oracle and I beleive he was highlighting the NULL DACL issue discussed in David's new book and also in the Oracle-L list previously - I am not sure if this was the intended 0-day or not, if it was then its not totally 0-day.
