Skip navigation.

Paul Wright

Syndicate content
(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)
Updated: 10 hours 26 min ago

April 2014 CPU

Tue, 2014-04-29 16:54
Hi Oracle Security Folks, Thanks to Oracle for fixing a batch of research I sent over in August 2013 regarding ADVISOR, DIRECTORIES, GAOP(GRANT ANY OBJECT PRIVILEGE) and also a critical privilege escalation which gains 8.5 in the CPU which I am not going to publish here as I want to give folks time to patch. [...]

INDEX to SYSDBA without SELECT

Thu, 2014-03-27 08:21
Hello Oracle Security Readers, If we combine the following factors together then we can identify an escalation route from Index on SYSTEM to SYSDBA which does not require SELECT privileges on the indexed table: 1. SYSTEM passes it’s DBA role through it’s procedures. 2. Oracle indexes allow execution from read via functions i.e. INDEX can [...]