Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)


11g vulnerabilities ~ more detail

More details on April 2008 CPU vulnerabilities.
http://www.securityfocus.com/archive/1/491521
http://www.securityfocus.com/archive/1/491522
http://www.securityfocus.com/archive/1/491524
Exploit code may be in the pipeline, so check milw0rm etc. Note that the last two affect 11g as well. The CPU installation has been smoother and more reliable in my experience, so you should seriously think about installing it, especially if your DB needs to restrict the privileges of DB users, i.e. low-privileged users access Oracle directly.
For custom packages it is also worth auditing your PL/SQL packages using plsqlscanner or similar: http://www.red-database-security.com/software/plsqlscanner.html
Details about the DB04 vulnerability, which I found, are available at my publisher's URL: http://www.dba-oracle.com/forensics/t_forensics_vulnerable.htm
