Variations in Exploit methods between Linux and Windows
This paper will examine the differences and commonality in the way a vulnerability common to both Windows and Linux is exploited on each system.
The Vulnerability
The vulnerability that will be discussed in this paper is a classic stack based overflow in OracleÕs RDBMS 9.2.0.1. As well as offering the standard SQL service, Oracle 9i has introduced the Oracle XML Database Ð or XDB. The Oracle XDB can be accessed via an HTTP based service on TCP port 8080 or an ftp based service on TCP port 2100. The Oracle XDB suffers from multiple buffer overflow vulnerabilities.
XDB HTTP Overly Long Username or Password
To use the Web based XDB services a user must authenticate. This is done by passing credentials to the server using Base64 encoding. An overly long username or password will overflow a stack based buffer.
XDB FTP Overly Long Username or Password
By supplying an overly long username or password to the ftp XDB service, again, a stack based buffer is overflowed. The vulnerable portion of code is different from that of the Web XDB username/password overflow.
XDB FTP test command
As well as supporting most of the standard ftp commands, there is a ÒtestÓ command in the XDB ftp service. Passing an overly long parameter to this command will cause a buffer to overflow.
XDB FTP unlock command
By passing an overly long token to the UNLOCK command a stack based buffer overflow occurs.
This paper will use this latter vulnerability for comparison purposes.