Re: 0day Oracle 10g exploit - dbms_aq.enqueue - become DBA

看板Bugtraq作者ge.時間19年前 (2007/04/04 03:49)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串2/3 (看更多)

On Mon, 2 Apr 2007, Andrea "bunker" Purificato wrote: > [0-day] Remote Oracle DBMS_AQ.ENQUEUE exploit (10g) Not a 0day. Just publicly released exploit code. This is: 1. Patched. 2. Not publicly exploitable. Gadi. > > Grant or revoke dba permission to unprivileged user > Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" > > AUTHOR: Andrea "bunker" Purificato > http://rawlab.mindcreations.com > > DATE: Mon Apr 2 11:54:22 CEST 2007 > > PATCH: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html > (CVE-2007-0268 ?) > > > You can find the evil code here: > http://rawlab.mindcreations.com/codes/exp/oracle/dbms_aq-enqueue.pl > > > Regards, > -- > Andrea "bunker" Purificato > +++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++ > ++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++. > > http://rawlab.mindcreations.com >

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 ge. 的文章

文章代碼(AID): #164g_T00 (Bugtraq)