http://weblogtoolscollection.com/news/ Weblogtoolscollection News Topic: Unauthenticated Flaws in Network Protocols en Thu, 23 May 2013 13:36:11 +0000 http://weblogtoolscollection.com/news/topic/unauthenticated-flaws-in-network-protocols#post-10112 Tue, 07 Feb 2012 07:23:48 +0000 Suvham 10112@http://weblogtoolscollection.com/news/ <p>Arguably the most famous bug in this class is the bug exploited by the SQL Server “Slammer” worm. The SQL<br /> Server Resolution Service operates over a UDP protocol, by default on port 1434. It exposes a number of<br /> functions, two of which were vulnerable to buffer overflow issues (CAN-2002-0649). These bugs were<br /> discovered by David Litchfield of NGS. Another SQL Server problem in the same category was the “hello”<br /> bug (CAN-2002-1123) discovered by Dave Aitel of Immunity, Inc., which exploited a flaw in the initial<br /> session setup code on TCP port 1433.</p> <p>Oracle has not been immune to this category — most recently, David Litchfield found an issue with<br /> environment variable expansion in Oracle’s “extproc” mechanism that can be exploited without a username<br /> or password (CAN-2004-1363). Chris Anley of NGS discovered an earlier flaw in Oracle’s extproc<br /> mechanism (CAN-2003-0634) that allowed for a remote, unauthenticated buffer overflow. Mark Litchfield<br /> of NGS discovered a flaw in Oracle’s authentication handling code whereby an overly long username<br /> would trigger an exploitable stack overflow (CAN-2003-0095). David Litchfield also found a flaw in<br /> DB2’s JDBC Applet Server (no CVE, but bugtraq id 11401) that allows a remote, unauthenticated user<br /> to trigger a buffer overflow. </p>