How to hack unbreakable Oracle servers
Source: The Register
L33tdawg: The published paper on the hack can be found over here.
Security researcher David Litchfield has identified a vast number of attacks against Oracle application servers and has written them up in a paper which includes defensive strategies as well.
From this we learn, contrary to Oracle President Larry Ellison's claims, that Oracle is vulnerable to buffer overflow attacks, DoS attacks, and remote exploitation to name but a few difficulties.
Litchfield willingly allows that Oracle makes the most secure product on the market, and compliments Oracle for its obvious dedication to security. But as for being unbreakable, well, we all know that nothing is.
First up we have a PL/SQL buffer overrun vulnerability. This is in the Apache front end affecting Windows NT/2K, where Apache runs in the System (root) account and consequently allows code to run with full privileges.
One problem is that the admin help pages are not PW protected. Thus a call to one of the pages can initiate a buffer overflow if it contains enough garbage (around 1K bytes). A quick fix would be to alter the admin path with something unique, making it difficult to guess.