Oralce uses gethostbyname in "*skgxp*" libraries [CVE-2015-0235]

Recently there was a new vulnerability introduced in glibc library: Oracle is using the gethostbyname function in "*skgxp*" libraries: So this can be an issue – a specially in RAC environments. RedHat recommends to upgrade the glibc libraries: And I do agree ­čśë

Read more

Simple technics of privilege escalation ÔÇö part2: DBA=SYSDBA

A lot companies consolidates databases into one appliance – like for example Oracle Exadata. So you can have a lot of different databases in one physical cluster. And what if I tell you that you can execute any OS command as an oracle user, having just access to a database user with appropriate privileges? What […]

Read more

Privilege escalation in Oracle 11gR2 – part1

A few simple techniques of escalating privileges in database Oracle

Read more

Oracle Database Vault i szyfrowanie przstrzeni tabel VS administrator

Oracle stworzy┼é Database Vault’a, ┼╝eby chroni─ç wra┼╝liwe dane przed administratorem DB. Po instalacji produktu i stworzeniu tzw. REALM’├│w, SYSDBA traci uprawnienia do okre┼Ťlonych czynno┼Ťci ( zak┼éadanie kont i wiele polece┼ä ALTER) ale g┼é├│wnie traci mo┼╝liwo┼Ť─ç wybierania danych z tabel chronionych takim REALM’em. Sam Vault jednak nie wystarczy, bo admin maj─ůcy dost─Öp do plik├│w danych mo┼╝e […]

Read more
1 2

Contact us

Database Whisperers sp. z o. o. sp. k.
al. Jerozolimskie 200, 3rd floor, room 342
02-486 Warszawa
NIP: 5272744987
+48 508 943 051
+48 661 966 009

Newsletter Sign up to be updated