Securing Java In Oracle and DBMS_JVM_EXP_PERMS
David Litchfield’s Java/Oracle security research has been made public by the Black Hat conference in DC before it is patched by Oracle. Additionally, there is some misinformation going around that this work only affects 11.2, which is incorrect, as it affects 10.2.0.4.3 as well. These vulnerabilities are theoretically easy to fix, but since theoretical is not good enough for the real world, I have written a short paper to explain how to test the fixes before deploying them, along with some analysis about preventing this type of issue in the future. This is, in my opinion, the most serious research for a long time and needs to be acted on, so hopefully this paper will help solve a few headaches out there.