Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)


July Security Alert

Hi Oracle Security Folks,

The July Oracle Security Alert is out. My part is smaller than last quarter as just an In-Depth Credit, but Mr David Litchfield makes a triumphal return with some excellent new research.
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
There is a CVSS 9 and a remote unauthenticated issue in this patch, so it is worth installing this one. I note that there is normally a dedicated security patch for Linux but the Windows version is part of a larger bundle.

So the general advice is that there are still quite a lot of index function escalations, and it is especially important to check for INDEX privileges granted to PUBLIC on tables owned by privileged users.

For example:

select grantor from dba_tab_privs where privilege='INDEX' and grantee='PUBLIC';

Definitely worth tuning up the monitoring system to alert to unauthorised index usage!
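A fuller version of that check, as an added example that is not part of the original post: the first query shows which tables carry the PUBLIC INDEX grant and whether the owner is privileged, and the second lists function-based indexes owned by someone other than the table owner, which is what a monitoring job would alert on. Treating SYS, SYSTEM and direct holders of the DBA role as "privileged" is an assumption; adjust it to your own estate.

```sql
-- Added example (not from the original post). Run as a user with access
-- to the DBA_* dictionary views.

-- 1. INDEX privileges granted to PUBLIC, with the table they apply to.
--    Assumption: "privileged owner" = SYS, SYSTEM, or a schema holding the
--    DBA role directly (nested role grants are not followed here).
SELECT p.owner,
       p.table_name,
       p.grantor,
       p.grantable,
       CASE
         WHEN p.owner IN ('SYS', 'SYSTEM')
           OR EXISTS (SELECT 1
                        FROM dba_role_privs r
                       WHERE r.grantee = p.owner
                         AND r.granted_role = 'DBA')
         THEN 'YES'
         ELSE 'NO'
       END AS privileged_owner
  FROM dba_tab_privs p
 WHERE p.privilege = 'INDEX'
   AND p.grantee   = 'PUBLIC'
 ORDER BY privileged_owner DESC, p.owner, p.table_name;

-- 2. Function-based indexes whose owner is not the table owner.
--    Each row is an index one schema has built on another schema's table;
--    review any that are not on your approved list, newest first.
SELECT i.owner       AS index_owner,
       i.index_name,
       i.index_type,
       i.table_owner,
       i.table_name,
       o.created
  FROM dba_indexes i
  JOIN dba_objects o
    ON o.owner       = i.owner
   AND o.object_name = i.index_name
   AND o.object_type = 'INDEX'
 WHERE i.owner <> i.table_owner
   AND i.index_type LIKE 'FUNCTION-BASED%'
 ORDER BY o.created DESC;
```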

In other news I noticed that the stealth SYS locking feature is now reverted by Oracle in 12.1.0.2 – good move in my view. Maybe some more to come on this in the future.

Additionally, 12.1.0.2 has an excellent new In-Memory feature, but watch out for license implications as it is turned on by default.

There is a load more unpatched and unpublished research going round currently, but unfortunately I cannot discuss it here at this time.
However Apress are currently offering my new updated book at a very reasonable price at this URL http://www.apress.com/9781430262114.
Springer are handling paper sales at this URL http://www.springer.com/computer/database+management+%26+information+retrieval/book/978-1-4302-6211-4
Amazon are even offering my book in Kindle format http://www.amazon.co.uk/Protecting-Oracle-Database-Paul-Wright/dp/1430262117

As time goes on 12c will eventually go out of date, but my “Protecting Oracle” book has material on Privileged Access Control which applies to all versions of Oracle moving forward, so I believe you will enjoy the read, and find it a useful investment.

Stay safe,
Paul
