Design/Logic Flaw

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI...

Re: The Weakness of Windows Impersonation Model

Hi Brian, I wrote a paper on this subject last year, "Snagging Security Tokens to Elevate Privileges" http://www.databasesecurity.com/dbsec-briefs.htm after Tim Mullen and thrashed out a few details at Blackhat last year over a few White Russians. The paper discusses the problem in the context of...