Oracle Data Redaction is Broken
From: <david_at_databasesecurity.com>
Date: Wed, 16 Jul 2014 13:45:06 +0100
Message-ID: <D72540C33C494FC9B4D826DD48A3650E_at_NAUTILUS>
Hey all,
As part of yesterday’s Critical Patch Update, Oracle fixed 3 security flaws in data redaction services – one a privilege escalation vulnerability and two redaction bypass methods. I reported these issues to Oracle in November last year and have documented them here: http://www.davidlitchfield.com/Oracle_Data_Redaction_is_Broken.pdf Cheers,
David
Date: Wed, 16 Jul 2014 13:45:06 +0100
Message-ID: <D72540C33C494FC9B4D826DD48A3650E_at_NAUTILUS>
Hey all,
As part of yesterday’s Critical Patch Update, Oracle fixed 3 security flaws in data redaction services – one a privilege escalation vulnerability and two redaction bypass methods. I reported these issues to Oracle in November last year and have documented them here: http://www.davidlitchfield.com/Oracle_Data_Redaction_is_Broken.pdf Cheers,
David
-- http://www.freelists.org/webpage/oracle-lReceived on Wed Jul 16 2014 - 14:45:06 CEST