Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud) intersect (safety, security, reliability, integrity)


Archive for February, 2007

Oracle forensics applied to vulnerability detection

SANS/GIAC have published my new GSOC on using computer forensics concepts applied to vulnerability detection in Oracle databases, and it has gained a place in their Reading Room, which is quite an honour. This is the URL for the GSOC and for the Reading Room. It gives a taste of what to [...]

Cursor Injection – A New Method for Exploiting PL/SQL Injection and Potential Defences

David Litchfield has a new paper out that is interesting, as it shows how PLSQL injection can be carried out using only the CREATE SESSION privilege as well as utilising the Cursor Snarfing concept. It is called “Cursor Injection – A New Method for Exploiting PL/SQL Injection and Potential Defences” and is from this URL: [...]

Checksumming database objects to check integrity

In addition to timestamps and filesize, the checksum of a DB object such as a PLSQL package is useful to verify integrity. This query will provide all the object names and corresponding checksums in a given schema.

select object_name,utl_raw.cast_to_raw(md5summer(object_type,object_name,owner)) from dba_objects where owner='SYS';

Where md5summer is a function wrapped around dbms_obfuscation_toolkit.md5. Only problem is that [...]

VMware on Oracle Unbreakable Linux

Unbreakable Linux works well with Oracle database but I have noticed that Unbreakable Linux does not behave reliably in VMware and also does not act as a reliable host for VMware. This is interesting as RedHat Enterprise 4 is fine with VMware in both respects.

Interesting Payload to PLSQL exploit at Milw0rm

Interesting exploit payload below.

--------------------------------
v_commands := 'insert into sys.sysauth$ ' || ' values' || '(' || v_user_id || ',4,' || '999,null)';
--------------------------------

Instead of grant dba to scott the exploit payload inserts the values into sysauth$. This will bypass many IDS signatures. David mentioned this to me quite a while ago and it [...]