Re: Oracle Data Redaction is Broken
From: Niall Litchfield <niall.litchfield_at_gmail.com>
Date: Wed, 16 Jul 2014 15:13:37 +0100
Message-ID: <CABe10sZrZ2V6t7jqT4fNYYy9_aD10ufguDgRHgm+27fqVkpjhA_at_mail.gmail.com>
Thanks David.
On 16 Jul 2014 13:47, <david_at_databasesecurity.com> wrote:
Date: Wed, 16 Jul 2014 15:13:37 +0100
Message-ID: <CABe10sZrZ2V6t7jqT4fNYYy9_aD10ufguDgRHgm+27fqVkpjhA_at_mail.gmail.com>
Thanks David.
On 16 Jul 2014 13:47, <david_at_databasesecurity.com> wrote:
> Hey all,
> As part of yesterday’s Critical Patch Update, Oracle fixed 3 security
> flaws in data redaction services – one a privilege escalation vulnerability
> and two redaction bypass methods. I reported these issues to Oracle in
> November last year and have documented them here:
> http://www.davidlitchfield.com/Oracle_Data_Redaction_is_Broken.pdf
> Cheers,
> David
>
-- http://www.freelists.org/webpage/oracle-lReceived on Wed Jul 16 2014 - 16:13:37 CEST