Hi Jose,
I'm away from my linux box at the moment; are any of these tools
setuid/setgid? I'm trying to ascertain the risk posed. If none of these
overflows present a privilege escalation opportunity then there is no risk
posed. If these tools are setuid/setgid then, needless to say there is a
risk.
Cheers,
David Litchfield
----- Original Message -----
From: "Joxean Koret" <joxeankoret (at) yahoo (dot) es [email concealed]>
To: "Security Tracker" <bugs (at) securitytracker (dot) com [email concealed]>; "Secunia"
<vuln (at) secunia (dot) com [email concealed]>; <bugtraq (at) securityfocus (dot) com [email concealed]>; <siaaypee (at) euskalnet (dot) net [email concealed]>
Sent: Thursday, January 20, 2005 10:04 PM
Subject: Various Buffer Overflows in Oracle 10g Tools
I'm away from my linux box at the moment; are any of these tools
setuid/setgid? I'm trying to ascertain the risk posed. If none of these
overflows present a privilege escalation opportunity then there is no risk
posed. If these tools are setuid/setgid then, needless to say there is a
risk.
Cheers,
David Litchfield
----- Original Message -----
From: "Joxean Koret" <joxeankoret (at) yahoo (dot) es [email concealed]>
To: "Security Tracker" <bugs (at) securitytracker (dot) com [email concealed]>; "Secunia"
<vuln (at) secunia (dot) com [email concealed]>; <bugtraq (at) securityfocus (dot) com [email concealed]>; <siaaypee (at) euskalnet (dot) net [email concealed]>
Sent: Thursday, January 20, 2005 10:04 PM
Subject: Various Buffer Overflows in Oracle 10g Tools
[ reply ]