Computer Security
[EN] securityvulns.ru no-pyccku


Oracle for Windows privilege escalation
Published:10.03.2007
Source:
SecurityVulns ID:7371
Type:local
Threat Level:
6/10
Description:Weak permissions for memories sections and named pipes inside oracle process allow code execution with local system account.
CVE:CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.)
Original documentdocumentc c, [Argeniss] Practical 10 minutes security audit: Oracle Case (Paper) (10.03.2007)
Files:Oracle Database local elevation of privileges PoC exploit
 Practical 10 minutes security audit: Oracle Case

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod