Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)


July Security Alert

Hi Oracle Security Folks,

The July Oracle Security Alert is out. My part is smaller than last quarter as just an In-Depth Credit, but Mr David Litchfield makes a triumphal return with some excellent new research.
There is a CVSS 9 and a remote unauthenticated issue in this patch, so this one is worth installing. I note that there is normally a dedicated security patch for Linux, but the Windows version is part of a larger bundle.

The general advice is that there are still quite a lot of index function escalations, and it is especially important to check for the INDEX privilege granted to PUBLIC on tables owned by privileged users.

For example:

select grantor from dba_tab_privs where privilege='INDEX' and grantee='PUBLIC';

Definitely worth tuning up the monitoring system to alert to unauthorised index usage!
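
The query above returns only the grantor. As an added example (not from the original post), the version below narrows the result to tables whose owner is privileged and generates candidate AUDIT and REVOKE statements for review. The definition of "privileged" used here (SYS, SYSTEM, direct holders of the DBA role, or holders of any "ANY" system privilege) is an assumption to adjust for your own estate.

```sql
-- Added example: INDEX grants to PUBLIC on tables owned by privileged users.
-- Assumption: "privileged" means SYS/SYSTEM, a direct DBA role grant, or any
-- "... ANY ..." system privilege. Privileges inherited through nested roles
-- are not resolved here.
WITH privileged_owners AS (
    SELECT username AS owner
      FROM dba_users
     WHERE username IN ('SYS', 'SYSTEM')
    UNION
    SELECT grantee
      FROM dba_role_privs
     WHERE granted_role = 'DBA'
    UNION
    SELECT grantee
      FROM dba_sys_privs
     WHERE privilege LIKE '% ANY %'
)
SELECT p.owner,
       p.table_name,
       p.grantor,
       p.grantable,
       -- Traditional (non-unified) object auditing, so that index creation
       -- on the table reaches the audit trail the monitoring system reads.
       'AUDIT INDEX ON "' || p.owner || '"."' || p.table_name
           || '" BY ACCESS;' AS suggested_audit,
       -- Candidate remediation for review; nothing is executed by this query.
       'REVOKE INDEX ON "' || p.owner || '"."' || p.table_name
           || '" FROM PUBLIC;' AS suggested_revoke
  FROM dba_tab_privs p
  JOIN privileged_owners o
    ON o.owner = p.owner
 WHERE p.privilege = 'INDEX'
   AND p.grantee   = 'PUBLIC'
 ORDER BY p.owner, p.table_name;
```

Run it as a user with access to the DBA_ views; an empty result means no such grants exist under this definition of privileged.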

In other news I noticed that the stealth SYS locking feature is now reverted by Oracle in – good move in my view. Maybe some more to come on this in the future.

Additionally the has excellent new In memory feature but watch out for license implications as it is turned on by default.

There is a load more unpatched and unpublished research going round currently, but unfortunately I cannot discuss it here at this time.
However Apress are currently offering my new updated book at a very reasonable price at this URL
Springer are handling paper sales at this URL
Amazon are even offering my book in Kindle format

As time goes on 12c will eventually go out of date, but my “Protecting Oracle” book has material on Privileged Access Control which applies to all versions of Oracle moving forward, so I believe you will enjoy the read, and find it a useful investment.

Stay safe,
