SECURITY
11.10.2015

Secure your database (part 1)

I’ve already shown you how to escalate privileges in Oracle Databases: https://blog.ora-600.pl/2013/04/02/privilege-escalation-in-oracle-11gr2-part1/ https://blog.ora-600.pl/2014/12/23/simple-technics-of-privilege-escalation-part2-dbasysdba/ The question is – how to secure your database if you don’t have EE or the possibility to buy Oracle Database Vault or Oracle Advanced Security. Well – there’s always DBA creativity 😉 For example – if you want to secure the […]


[PL] Browar z Wyrocznią
04.09.2015

What Browar z Wyrocznią tastes like

And so it was that on the 31st day of the month of August in the year 2015, enthusiasts of the Oracle gathered at the AVIVA estate. And so it was that, wielding mugs filled to the brim with beer, many sat down to listen to a few who wished to share their thoughts. And so it came to pass that admin drank to developer and developer to admin, and together the discussion flowed briskly and […]


RICO
03.09.2015

RICO

I’ve started a project called RICO – a tool written in C++ for last-resort data recovery. It can be used to extract data from corrupted datafiles and dump them in the form of text files. It is in the early development stage right now and the functionalities are narrowed to: Dump regular and partitioned […]


SECURITY
28.01.2015

Oracle uses gethostbyname in "*skgxp*" libraries [CVE-2015-0235]

Recently a new vulnerability was disclosed in the glibc library: http://www.openwall.com/lists/oss-security/2015/01/27/9 Oracle is using the gethostbyname function in "*skgxp*" libraries: So this can be an issue – especially in RAC environments. RedHat recommends upgrading the glibc libraries: https://access.redhat.com/articles/1332213 And I do agree 😉


SECURITY
23.12.2014

Simple techniques of privilege escalation – part2: DBA=SYSDBA

A lot of companies consolidate databases into one appliance – for example, Oracle Exadata. So you can have a lot of different databases in one physical cluster. And what if I tell you that you can execute any OS command as an oracle user, having just access to a database user with appropriate privileges? What […]


SECURITY
02.04.2013

Privilege escalation in Oracle 11gR2 – part1

A few simple techniques for escalating privileges in Oracle Database 11.2.0.3. http://ora-600.pl/art/oracle_privilege_escalation.pdf


SECURITY
15.03.2013

Oracle Database Vault and tablespace encryption vs. the administrator

Oracle created Database Vault to protect sensitive data from the DB administrator. After installing the product and creating so-called REALMs, SYSDBA loses privileges for certain operations (including creating accounts and many ALTER commands), but above all loses the ability to select data from tables protected by such a REALM. Vault alone is not enough, however, because an admin with access to the data files can […]

