| MSSQL2K | ORACLE8i |
| 1. A vulnerability has been discovered in Microsoft SQL Server that could make it possible for remote attackers to gain access to target hosts. It is possible for an attacker to cause a buffer overflow condition on the vulnerable SQL server with a malformed login request. This may allow a remote attacker to execute arbitrary code as the SQL Server process. This vulnerability reportedly occurs even before authentication can proceed. http://www.securityfocus.com/bid/5411/discussion/ | http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf (though for some reason they say it's only a DoS attack :)) A buffer overflow exists that allows an anonymous attacker to execute arbitrary shell commands under the security context of the listener service. In the first packet sent to an Oracle listener, a connection string is sent which describes the database to which to connect and includes optional commands. Within the connection string is a field called SERVICE_NAME. When the SERVICE_NAME is 8000 bytes or longer, a buffer overflow occurs in the listener service. Platforms affected MS Windows and VM only. (Note: Unix, VMS, OS/390 are not affected) ---------- Yes, Microsoft's security is lousy; that's basically what I'm proving, and Unix doesn't have such problems. http://www.oracle.com/technology/deploy/security/pdf/2003alert57.pdf Utilizing an Oracle Listener configured with a TCP protocol address, a knowledgeable and malicious user can write an exploit that connects to an Oracle Database server's EXTPROC OS process without having to provide a database username and password. As such, it is possible to make arbitrary calls to the underlying OS and potentially gain unauthorized administrative access to the machine hosting the Oracle Database server. The EXTPROC functionality is installed by default in the Oracle Database installation if the "Typical Installation" option is chosen from the Oracle Universal Installer menu. EXTPROC is used by Oracle's PL/SQL software to make calls to the operating system. ------- PASS: I'll just check whether it has to be configured first before it can be broken. P.S. http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf that's version 10. |
| 2. There is an inconsistency between the interface definitions in certain RPC server stubs and the remote server's input validation code. If certain input is validated by the interface definition, there is a chance that the target server will not properly validate the input, thus possibly impacting the server's performance and other applications running on the affected host. The RPC servers associated with system services in Exchange, SQL, Windows NT 4.0 and Windows 2000 are subject to this issue. http://www.securityfocus.com/bid/3104/discussion/ | Didn't notice, it's a DoS, i.e. off-topic. Agreed. |
| 3. VU#225555 - Microsoft SQL Server contains buffer overflow in | > buffer overflow in a stored procedure - requires a valid > login and certain privileges > there are FORTY-FOUR similar bugs here... not all about version 8... but > it will be interesting to read :) I know of one like that :) sa, and privileges are all fine, and none of the alerts mention privileges. FAIL |
| 4. VU#399260 - Microsoft SQL Server 2000 contains heap buffer overflow in | > 4. buffer overflow in a service that is sometimes installed. That's the default installation (like Oracle extproc). FAIL. |
| 5. VU#484891 - Microsoft SQL Server 2000 contains stack buffer overflow in | > 5. the same thing... apparently for show > well, it looks like it :) > http://www.appsecinc.com/resources/alerts/oracle/02-0014.html Look and be amazed: what does this have to do with the RDBMS? ... It's about the Oracle Enterprise Manager (EM) SNMP monitoring capability for Oracle Database. > http://www.oracle.com/technology/deploy/security/pdf/OLS817alert.pdf Three security vulnerabilities have been discovered in Oracle Label Security which may allow users to gain a higher level of access to data. I.e., it's no comparison at all to unauthenticated remote attackers. FAIL. |
| 6. Microsoft SQL Server uses LPC (Local Procedure Calls) to | > local exploit. you have to be working on the machine with the SQL server > and be an authenticated user. To send to the TCP port you don't need to be an "authenticated user". The port providing this service can be used by anyone. |
| 7. Microsoft SQL Server supports SQL queries over a named pipe. This | > 7. DoS over named pipes - see item 2. I'll still look into what this is: therefor |
| 8. MS SQL Server has two means of authenticating users. One uses Windows | > 8. bad password encryption algorithm when it is sent over > in "built-in" authentication. I know :) that's why this bug is here. > read _carefully_ > http://www.dbspecialists.com/presentations/net8_security.htm Back in the day I read the original carefully enough :) I'm afraid I won't see anything new there ... FAIL. |
| The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours, despite a belief by plant personnel that the network was protected by a firewall, SecurityFocus has learned. http://www.theregister.com/2003/08/20/slammer_worm_crashed_ohio_nuke/ | |
| Some Bank of America ATMs were still out Monday, primarily in the Southeast, a bank spokesman said. And analysts blamed a dip in South Korea's stock market on the worm taking down most Internet connections in the country over the weekend. http://www.cnn.com/2003/TECH/internet/01/27/worm.why/ | |
| Almost all customers of South Korea's largest ISP, KT Corp, lost connectivity. In China, website updates stopped and access to them slowed significantly. Finally, the worm undermined the domain name servers. http://www.zdnet.ru/?ID=294867 | |
| On Thursday, London-based market intelligence firm Mi2g said that the worm caused between $950 million and $1.2 billion in lost productivity in its first five days worldwide. http://news.com.com/Counting+the+cost+of+Slammer/2100-1001_3-982955.html | |