I’ve started a project called RICO, a tool written in C++ for last-resort data recovery. It can be used to extract data from corrupted datafiles and dump it in the form of text files. It is in an early development stage right now and the functionality is limited to: Dump regular and partitioned […]
Recently there was a new vulnerability introduced in the glibc library: http://www.openwall.com/lists/oss-security/2015/01/27/9 Oracle is using the gethostbyname function in "*skgxp*" libraries: So this can be an issue – especially in RAC environments. Red Hat recommends upgrading the glibc libraries: https://access.redhat.com/articles/1332213 And I do agree 😉
A lot of companies consolidate databases into one appliance, such as Oracle Exadata. So you can have a lot of different databases in one physical cluster. And what if I tell you that you can execute any OS command as the oracle user, having just access to a database user with appropriate privileges? What […]
A few simple techniques for escalating privileges in Oracle Database 11.2.0.3. http://ora-600.pl/art/oracle_privilege_escalation.pdf
Oracle created Database Vault to protect sensitive data from the DB administrator. After installing the product and creating so-called REALMs, SYSDBA loses the privileges for certain operations (including creating accounts and many ALTER commands), but mainly it loses the ability to select data from tables protected by such a REALM. Vault alone is not enough, however, because an admin with access to the data files can […]