- Alexander Kornbrust Oracle Security Blog - http://blog.red-database-security.com -
Looking Glass and Oracle 11g
This entry was posted by Alexander Kornbrust on 11 Apr 2008 @ 15:10 in 11g | 1 comment
Yesterday I read an [1] article about Apple QuickTime and LookingGlass. I downloaded the free [2] tool from the website of Errata Security.
Here are the [3] results from a test with Oracle 11.1.0.6 on Windows. I have scanned the Oracle Home and the tool found 518 Oracle files with dangerous functions like strcpy, sprintf, sscanf, strcat, …
The Oracle executable (oracle.exe), for example, uses wsprintfA, strncpy, sprintf, sscanf, _vsnprintf, _snprintf, vprintf, strncat, strtok, strlen, strcpy, strcat.
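A scan like the one described above can be approximated by reading each binary's PE import table and reporting the by-name imports that appear in the post's function list. This is an added example, not LookingGlass code and not the author's; the name `flagged_imports` and the directory-walk usage are assumptions, and the post does not say how LookingGlass itself detects these functions.

```python
import pathlib, struct, sys

# Function names the post lists for oracle.exe.
FLAGGED = {"wsprintfA", "strncpy", "sprintf", "sscanf", "_vsnprintf", "_snprintf",
           "vprintf", "strncat", "strtok", "strlen", "strcpy", "strcat"}

def flagged_imports(data, names=FLAGGED):
    """Return the sorted by-name imports of a PE image that appear in `names`."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        return []
    nsec = struct.unpack_from("<H", data, pe + 6)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0] # SizeOfOptionalHeader
    opt = pe + 24
    pe64 = struct.unpack_from("<H", data, opt)[0] == 0x20B  # PE32+ magic
    imp_rva = struct.unpack_from("<I", data, opt + (120 if pe64 else 104))[0]
    # Per section: (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    secs = [struct.unpack_from("<8x4I", data, opt + opt_size + 40 * i)
            for i in range(nsec)]

    def off(rva):  # translate an RVA to a file offset
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError("RVA outside all sections")

    size, fmt, by_ordinal = (8, "<Q", 1 << 63) if pe64 else (4, "<I", 1 << 31)
    found = set()
    desc = off(imp_rva) if imp_rva else None
    while desc is not None:
        oft, _, _, _, ft = struct.unpack_from("<5I", data, desc)
        if not (oft or ft):            # all-zero descriptor ends the table
            break
        thunk = off(oft or ft)
        while (v := struct.unpack_from(fmt, data, thunk)[0]):
            if not v & by_ordinal:     # imports by ordinal carry no name
                start = off(v & 0x7FFFFFFF) + 2   # skip the 2-byte hint
                name = data[start:data.index(b"\0", start)].decode("ascii", "replace")
                if name in names:
                    found.add(name)
            thunk += size
        desc += 20
    return sorted(found)

if __name__ == "__main__":             # usage: script.py <directory>
    for p in (pathlib.Path(sys.argv[1]).rglob("*") if len(sys.argv) > 1 else []):
        try:
            hits = flagged_imports(p.read_bytes()) if p.is_file() else []
        except (OSError, ValueError, struct.error):
            continue                   # unreadable, truncated or malformed image
        if hits:
            print(p, ", ".join(hits))
```

An import only shows that the function is linked; whether a given call site is unsafe still needs review of how it is used.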
This article was printed from Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com
URL to article: http://blog.red-database-security.com/2008/04/11/looking-glass-and-oracle-11g/
URLs in this post:
[1] article: http://www.heise-online.co.uk/security/Apple-incompletely-seals-off-QuickTime--/news/110513
[2] tool: http://www.erratasec.com/lookingglass.html
[3] results: http://www.red-database-security.com/exploits/lg-scanresults_oracle_11gr1.txt
[4] Image: http://www.red-database-security.com/pictures/looking_glass_11106.png