SECURITY
28.01.2015

Oracle uses gethostbyname in "*skgxp*" libraries [CVE-2015-0235]

Recently there was a new vulnerability introduced in the glibc library: http://www.openwall.com/lists/oss-security/2015/01/27/9 Oracle is using the gethostbyname function in "*skgxp*" libraries: So this can be an issue – especially in RAC environments. Red Hat recommends upgrading the glibc libraries: https://access.redhat.com/articles/1332213 And I do agree 😉


SECURITY
23.12.2014

Simple techniques of privilege escalation – part2: DBA=SYSDBA

A lot of companies consolidate databases into one appliance, such as Oracle Exadata. So you can have a lot of different databases in one physical cluster. And what if I tell you that you can execute any OS command as an oracle user, having just access to a database user with appropriate privileges? What […]


SECURITY
02.04.2013

Privilege escalation in Oracle 11gR2 – part1

A few simple techniques for escalating privileges in Oracle Database 11.2.0.3. http://ora-600.pl/art/oracle_privilege_escalation.pdf


SECURITY
15.03.2013

Oracle Database Vault and tablespace encryption vs. the administrator

Oracle created Database Vault to protect sensitive data from the DB administrator. After installing the product and creating so-called REALMs, SYSDBA loses the privileges for certain operations (including creating accounts and many ALTER commands), but above all loses the ability to select data from tables protected by such a REALM. Vault alone is not enough, however, because an admin with access to the data files can […]

