Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16309
HistoryMar 10, 2007 - 12:00 a.m.

[Argeniss] Practical 10 minutes security audit: Oracle Case (Paper)

2007-03-1000:00:00
vulners.com
17
JSON

Hi.

Abstract:
This paper will show a extremely simple technique to
quickly audit a software product in order
to infer how trustable and secure it is. I will show
you step by step how to identify half dozen
of local 0day vulnerabilities in few minutes just
making a couple of clicks on very easy to use
free tools, then for the technical guys enjoyment the
vulnerabilities will be easily pointed out
on disassembled code and detailed, finally a 0day
exploit for one of the vulnerabilities will be
demonstrated.
While this technique can be applied to any software in
this case I will take a look at the latest
version of Oracle Database Server: 10gR2 for Windows,
which is a extremely secure product
so it will be a very difficult challenge to find
vulnerabilities since Oracle is using advanced next
generation tools to identify and fix vulnerabilities

http://www.argeniss.com/research/10MinSecAudit.zip
(PoC exploit included)

Thanks.

Cesar.

Need Mail bonding?
Go to the Yahoo! Mail Q&A for great tips from Yahoo! Answers users.
http://answers.yahoo.com/dir/?link=list&sid=396546091

JSON