Oracle8.1.6 DBSNMP Remote execute VulnerabilityCreate: 2002-01-16 Author: benjurry (benjurry_at_xfocus.org) --------------------------------------------------------------------------- Oracle8.1.6 DBSNMP Remote execute Vulnerability --------------------------------------------------------------------------- Release Date: 2002-01-15 Author: benjurry(benjurry@xfocus.org) Homepage: www.benjurry.org www.xfocus.org Affected system: Oracle 8i Not affected system: Oracle 9i Description: The command "dbsnmp_start"and "dbsnmp_stop" of LSNRCTL should only be run locally ,but if I send these command such as "(CONNECT_DATA=(COMMAND=dbsnmp_start))" by program. when tnslsnr.exe recive it, a memory error will occur, successful use this vulnerability and work with other bug in tnslsnr.exe, we can gain system privilege. Exploit: dbsnmp.c ABOUT XFOCUS Xfocus is a non-profit and free technology organization which was founded in 1998 in China. We are devoting to research and demonstration of weaknesses related to network services and communication security. Copyright 2001 http://xfocus.org, All rights reserved. |
