Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)

 

April 2014 CPU

Hi Oracle Security Folks,

Thanks to Oracle for fixing a batch of research I sent over in August 2013 regarding ADVISOR, DIRECTORIES, GAOP (GRANT ANY OBJECT PRIVILEGE) and also a critical privilege escalation which gains 8.5 in the CPU, which I am not going to publish here as I want to give folks time to patch: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html. Both of the issues fixed in the April DB Patch are from me this time.

Note that the CVSS 8.5 was not discussed at any conferences – it’s new. Actually the CVSS 8.5 is detailed in my new book which has just come out after the patch release, and is available from Apress http://www.apress.com/9781430262114 and Amazon http://www.amazon.co.uk/Protecting-Oracle-Database-Paul-Wright/dp/1430262117. There is some new exploit research in there but the main thrust of the book is Defense and Protection – especially using Enterprise Manager/Cloud Control to Defend an estate and how to secure privileged access control mechanisms such as breakglass. I am very honored that Jonathan Gennick Edited the book, Arup Nanda Technically Reviewed the book, and that Slavik Markovich – CTO of McAfee – wrote a kind foreword to the book as well. There have also been quite a few other folks involved whom I list in the Acknowledgements section. It’s taken a year to write so hopefully you will like it.

Anyhow, more detail to come on that in the future. For now I recommend installing the patch and reading the book… though it has to be said – that was where I was 9 months ago… and the world has not stopped spinning yet… Global SCN still rising :) but hopefully no maximum in sight yet!

Keep safe,
Paul
