Three Tier Oracle Security in London ~ Paul M. Wright

ORACLE SECURITY AND COMPUTER FORENSICS

Three Tier Oracle Security in London ~ Paul M. Wright RSS Feed
 

Archive for October, 2009

Reflecting back in time at Oracle security

Hello Oracle Security folks,
So what’s been happening in Oracle Security recently?
The delayed CPU has settled down and testing will begin. Some will install the PSU and some the CPU. Others will actually work out what the vulnerabilities are and manually mitigate thus reducing the risk of taking a step backwards. Revoking PUBLIC execute is safer [...]

October 25th, 2009 | Category: Uncategorized | Comments Off

CREATE TABLE to OSDBA

I have written a new paper entitled CREATE TABLE to OSDBA with reverse shell. The paper includes demo code for 11.1.0.7 Windows and UNIX (but not 10g).
The demo shows that granting EXECUTE on a directory in 11g to a user that possesses the common CREATE TABLE privilege is effectively equivalent to granting them OSDBA.
Once an [...]

October 14th, 2009 | Category: Uncategorized | Comments Off