ISC Feature of the Week: Handler Created Tools
Overview
A couple of weeks ago we learned about the handlers at https://isc.sans.edu/diary/ISC+Feature+of+the+Week+Get+to+know+the+Handlers/12985. Today's feature highlights our Handler Created Tools page at https://isc.sans.edu/tools/handler_created.html.
Features
- A link to the handler tool page is now on https://isc.sans.edu/handler_list.html for handlers with tools posted!
- Each handler section is separated and accessible directly by name ref #[handlername]
- The tools are currently categorized by ones that can be:
- Downloaded and run/installed
- Accessed online
- Available on a mobile platform
Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form
--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu
Critical Unpatched Oracle Vulnerability
Oracles April "Critical Patch Update" listed a vulnerability in the TNS Listener services as one of the patched vulnerabilities. Sadly, it turns out that current versions of Oracle are not patched. Instead, the vulnerability will apparently only be fixed in future versions of the Oracle database. According to a statement from Oracle quoted by the discoverer of the vulnerability, the fix would have possible had stability issues for current versions of Oracle. [1]
The vulnerability was responsibly reported to Oracle back in 2008. Upon release of the April CPU, Joxean Koret, who originally found the vulnerability, came forward with additional details including a proof of concept exploit, fully expecting that a patch is now available.
So in short: We got an unpatched remote code execution vulnerability in all current versions of Oracle with proof of concept exploit code.
Joxean's details published after the CPU release also include some useful workarounds [2]. Please refer to the post for details.
[1] http://seclists.org/fulldisclosure/2012/Apr/343
[2] http://seclists.org/fulldisclosure/2012/Apr/204
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago