Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » How to hack unbreakable Oracle servers

How to hack unbreakable Oracle servers

by Nikola Strahija on February 11th, 2002 Security researcher David Litchfield has identified a vast number of attacks against Oracle application servers and has written them up in a paper which includes defensive strategies as well.


The paper can be find at www.nextgenss.com/papers/hpoas.pdf.
From this we learn, contrary to Oracle President Larry Ellison's claims, that Oracle is vulnerable to buffer overflow attacks, DoS attacks, and remote exploitation to name but a few difficulties.

Litchfield willingly allows that Oracle makes the most secure product on the market, and compliments Oracle for its obvious dedication to security. But as for being unbreakable, well, we all know that nothing is.

First up we have a PL/SQL buffer overrun vulnerability. This is in the Apache front end affecting Windows NT/2K, where Apache runs in the System (root) account and consequently allows code to run with full privileges.

One problem is that the admin help pages are not PW protected. Thus a call to one of the pages can initiate a buffer overflow if it contains enough garbage (around 1K bytes). A quick fix would be to alter the admin path with something unique, making it difficult to guess.

Next, a directory traversal is possible due to a URL decoding glitch. This would allow an attacker to move from the Web environment to read files readable to the OS.
It's also possible to administer PL/SQL DADs (Database Access Descriptors) without authentication, Litchfield has discovered. An obvious goal in this case would be to add a password so the attacker can escalate his privileges.

Litchfield's paper should be required reading for anyone, specially for admins of Oracle box.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »