Feeds
268038 items (7 unread) in 27 feeds
-
0day.today (was: 1337day, Inj3ct0r, 1337db)
-
OSVDB Vulnerabilities
-
Exploit-DB
-
SecurityFocus Vulnerabilities
-
Bugtraq
-
Full Disclosure
-
XSSed
-
Packet Storm Security Headlines (7 unread)
-
-
-
-
-
-
Sophos security news
-
-
Penetration Testing
-
SecuriTeam
-
BackTrack Linux Forums
-
Threatpost
-
SecDocs
-
carnal0wnage.attackresearch.com
-
Carnal0wnage
-
-
Darknet
-
The Exploitant
-
Hack a Day
-
Wirevolution
«
Expand/Collapse
Packet Storm Security Advisories
-
OracleRemExecService Command Execution
Posted: January 21st, 2011, 1:32pm PST
Tags: pipe oracleremexecservice service oracle-universal-installer database-configuration-assistant command-execution
Team SHATTER Security Advisory - It is possible to execute arbitrary operating system commands as localsystem when certain maintenance tasks are executed. For instance, when Database Configuration Assistant is invoked or Oracle Universal Installer is used to modify features. These tools use a Windows service to execute various commands: the service itself relies on a named pipe to receive the commands. The pipe handling is not secure enough resulting in the vulnerability.