Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)

Three Tier Oracle Security in London ~ Paul M. Wright RSS Feed
 

Archive for May, 2008

11g Security

As soon as 11g came out I tested the ability to brute force it as per the NISR paper I wrote a while back.. http://www.ngssoftware.com/research/papers/oraclepasswords.pdf (moved to http://www.ngssoftware.com/Libraries/Documents/01_07_Oracle_Passwords_and_OraBrute.sflb.ashx) Great news as Oracle have fixed the listener so that multiple connections can not be made in quick succession. The listener in 11g will indeed slow down [...]

Application Server Vulnerability

http://www.securityfocus.com/archive/1/491865 In short if an unauthenticated user makes this request: “http:/site/pls/portal/%0A” Then they will be able to access this URL “http://site/dav_portal/portal/” as though they were authenticated. Interesting bug i thought. Also I came across the web site below the other day which has some interesting material on it regarding Oracle Security such as 10g password [...]

11g vulnerabilities ~ more detail

More details on April 2008 CPU vulnerabilities. http://www.securityfocus.com/archive/1/491521 http://www.securityfocus.com/archive/1/491522 http://www.securityfocus.com/archive/1/491524 Exploit code may be in the pipeline so check Millw0rm etc. Note that the last two affect 11g as well. The CPU installation has been smoother and more reliable in my experience so should seriously think about installing this especially if your DB needs to [...]