
Re: Oracle security alert #66 - new information available

From: Pete Finnigan <plsql_at_petefinnigan.com>
Date: Tue, 20 Apr 2004 16:25:15 +0100
Message-ID: <YzyaWoAbDUhARx6r@peterfinnigan.demon.co.uk>


Hi Norm,

hope you are well?

The exploit jmig has discovered is a heap overflow rather than a buffer overflow. What happens is that it is possible to corrupt heap memory that you do not own. In this way, with a carefully crafted string, you can write a pointer into a specific memory location that overwrites a function pointer address, such as a pointer table for a DLL that has been loaded into memory dynamically. Then it's possible to get the application to execute your code instead of the intended function.

I found a good paper that explains buffer overflows, heap overflows, pointer overflows, format string exploits etc. It's at http://www.covertsystems.org/archives/misc-papers/csr-exploitation.pdf

hth

kind regards

Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
Received on Tue Apr 20 2004 - 10:25:15 CDT
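The mechanism Pete describes above (an unchecked copy into a heap object that runs past its intended bounds and lands on a function pointer, so that the next indirect call executes attacker-chosen code) is shown below as an added example. It is not code from the original post and has nothing to do with the actual Oracle bug; the `struct record` layout, the handler names and the `unchecked_copy` helper are all hypothetical. To keep the demonstration deterministic, the corrupted function pointer is a field that follows the string inside the same heap allocation rather than a neighbouring allocator chunk; the principle, filling the string field exactly and then placing the bytes of the chosen address at the pointer's offset, is the same. A bounds-checked variant of the copy is included alongside so the hardened behaviour can be compared.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 64

/* Hypothetical heap object: a fixed-size string followed by a callback
 * pointer of the kind an application stores for a dynamically loaded
 * library routine. The overflow target is `handler`. */
struct record {
    char name[NAME_LEN];
    void (*handler)(const struct record *);
};

static int intended_calls = 0;
static int hijacked_calls = 0;

static void intended_handler(const struct record *r) { (void)r; intended_calls++; }

/* Stands in for attacker code. In a real exploit the planted address would
 * point at injected shellcode or an existing useful function. */
static void attacker_handler(const struct record *r) { (void)r; hijacked_calls++; }

/* The vulnerable operation: a strcpy-style copy with no bound on `dst`.
 * (Real strcpy stops at the first NUL byte, so a real payload must avoid
 * NULs in the address bytes; this length-driven copy sidesteps that.) */
static void unchecked_copy(char *dst, const unsigned char *src, size_t src_len)
{
    for (size_t i = 0; i < src_len; i++)
        dst[i] = (char)src[i];
}

/* Build the "carefully crafted string": filler up to the offset of the
 * function pointer, then the raw bytes of the address we want planted. */
static size_t build_payload(unsigned char *out, void (*target)(const struct record *))
{
    size_t off = offsetof(struct record, handler);
    memset(out, 'A', off);
    memcpy(out + off, &target, sizeof target);
    return off + sizeof target;
}

/* Runs one copy into a fresh heap record and then makes the indirect call.
 * Returns 1 if attacker_handler ran (control flow hijacked), 0 if the
 * intended handler ran, -1 on allocation failure. */
int run_overflow_demo(int use_bounds_check)
{
    struct record *rec = calloc(1, sizeof *rec);
    if (!rec)
        return -1;
    rec->handler = intended_handler;

    unsigned char payload[sizeof(struct record)];
    size_t len = build_payload(payload, attacker_handler);

    if (use_bounds_check) {
        /* Hardened form: never write past the string field. */
        size_t n = len < NAME_LEN - 1 ? len : NAME_LEN - 1;
        memcpy(rec->name, payload, n);
        rec->name[n] = '\0';
    } else {
        /* Vulnerable form: the copy overruns `name` and rewrites `handler`. */
        unchecked_copy(rec->name, payload, len);
    }

    int hijacked_before = hijacked_calls;
    rec->handler(rec);          /* the application's normal indirect call */
    free(rec);
    return hijacked_calls > hijacked_before;
}

int main(void)
{
    printf("unchecked copy: handler hijacked = %d\n", run_overflow_demo(0));
    printf("bounded copy:   handler hijacked = %d\n", run_overflow_demo(1));
    return 0;
}
```

The layout here is why heap overflows are often more involved than stack ones: the attacker must know or arrange the distance from the overflowed buffer to something control-sensitive (here `offsetof(struct record, handler)`; in a real heap it is the allocator's chunk spacing or metadata), and must get the pointer bytes written intact, which is exactly the "carefully crafted string" the post refers to.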

