Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog



ISC Feature of the Week: Handler Created Tools

Published: 2012-04-27
Last Updated: 2012-04-27 20:02:12 UTC
by Adam Swanger (Version: 1)
0 comment(s)

Overview

A couple of weeks ago we learned about the handlers at https://isc.sans.edu/diary/ISC+Feature+of+the+Week+Get+to+know+the+Handlers/12985. Today's feature highlights our Handler Created Tools page at https://isc.sans.edu/tools/handler_created.html.

Features

  • A link to the handler tool page is now on https://isc.sans.edu/handler_list.html for handlers with tools posted!
  • Each handler's section is separate and directly accessible by its name anchor, #[handlername]
  • The tools are currently grouped into the following categories:
    • Downloaded and run/installed
    • Accessed online
    • Available on a mobile platform

 

Post suggestions or comments in the section below, or send us any questions or comments via the contact form at https://isc.sans.edu/contact.html#contact-form
--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu

Keywords: ISC feature
Microsoft has added MSSQL 2008 R2 SP1 to the list of affected software for MS12-027 (Thanks Ryan). More info here --> http://technet.microsoft.com/security/bulletin/ms12-027
ISC StormCast for Friday, April 27th 2012 http://isc.sans.edu/podcastdetail.html?id=2497

Critical Unpatched Oracle Vulnerability

Published: 2012-04-27
Last Updated: 2012-04-27 01:27:42 UTC
by Johannes Ullrich (Version: 1)
2 comment(s)

Oracle's April "Critical Patch Update" listed a vulnerability in the TNS Listener service as one of the patched vulnerabilities. Sadly, it turns out that current versions of Oracle are not patched. Instead, the vulnerability will apparently only be fixed in future versions of the Oracle database. According to a statement from Oracle quoted by the discoverer of the vulnerability, the fix would possibly have had stability issues for current versions of Oracle. [1]

The vulnerability was responsibly reported to Oracle back in 2008. Upon release of the April CPU, Joxean Koret, who originally found the vulnerability, came forward with additional details including a proof of concept exploit, fully expecting that a patch was now available.

So in short: we have an unpatched remote code execution vulnerability in all current versions of Oracle, with proof of concept exploit code.

Joxean's details published after the CPU release also include some useful workarounds [2]. Please refer to the post for details.

[1] http://seclists.org/fulldisclosure/2012/Apr/343
[2] http://seclists.org/fulldisclosure/2012/Apr/204

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: oracle