
Unauthenticated Flaws in Network Protocols

  • Topic started 2 years ago
  • 1 posts so far
  • Latest reply from Suvham

  1. Arguably the most famous bug in this class is the bug exploited by the SQL Server “Slammer” worm. The SQL
    Server Resolution Service operates over a UDP protocol, by default on port 1434. It exposes a number of
    functions, two of which were vulnerable to buffer overflow issues (CAN-2002-0649). These bugs were
    discovered by David Litchfield of NGS. Another SQL Server problem in the same category was the “hello”
    bug (CAN-2002-1123) discovered by Dave Aitel of Immunity, Inc., which exploited a flaw in the initial
    session setup code on TCP port 1433.

    Oracle has not been immune to this category — most recently, David Litchfield found an issue with
    environment variable expansion in Oracle’s “extproc” mechanism that can be exploited without a username
    or password (CAN-2004-1363). Chris Anley of NGS discovered an earlier flaw in Oracle’s extproc
    mechanism (CAN-2003-0634) that allowed for a remote, unauthenticated buffer overflow. Mark Litchfield
    of NGS discovered a flaw in Oracle’s authentication handling code whereby an overly long username
    would trigger an exploitable stack overflow (CAN-2003-0095). David Litchfield also found a flaw in
    DB2’s JDBC Applet Server (no CVE, but bugtraq id 11401) that allows a remote, unauthenticated user
    to trigger a buffer overflow.

    Posted: 2 years ago
