Showing posts from 2013

Oracle Listener Information Disclosure

The other day I noticed a strange response I hadn't seen before when running a VERSION command against an Listener: It seemed as though the Listener was leaking memory. I was able to reproduce this issue across other nodes in the RACs I had access to. Instead of the standard 348 byte TNS VERSION response I was getting a 2011 byte TNS response: I was also able to reproduce the result by running the VERSION command locally using the lsnrctl utility. With a bit of digging it seems as though Listeners with CPU April 2012 (patchset 13621679) are vulnerable to a memory leak issue. Most likely due to a buffer not being terminated/copied correctly. This flaw could potentially come in handy during a pentest when trying to enumerate SIDs/Service names: I was unable to reproduce this flaw on Listeners patched with CPU July 2012 (patchset  13923474) -- meaning Oracle are most likely wise to the issue... Note: I was able to notice this issue as

S/MIME: Bucking the phishing trend

In recent years, phishing has become an increasingly profitable attack vector for online scammers. According to RSA’s The Year in Phishing (2013) report, the total number of phishing attacks in 2012 increased by 59% and resulted in global losses of $USD 1.5 billion. With this upward trend in online fraud predicted to continue, it’s pertinent to take a look at how these attacks are so successful and what can be done to buck the increasing trend of online fraud. Phishing is the process whereby someone (malicious) masquerades as a trusted entity to solicit information. Relying on the art of deception, these attacks fair particularly well online as people are less likely to pick up on the fraud cues. Phishers frequently target email as their preferred attack medium due to its lack of security controls – in particular, the absence of authentication. The critical issue surrounding email is trust. That is, how can we trust an email has come from who it purports to come from? If we look at