Hey all,
If you would like to see a demonstration of how to GRANT DBA TO PUBLIC as a low privileged user, I have written a short paper which shows you exactly how to do so. It is based on imperva's bug finding and a demonstration I have seen by Alex Kornbrust. You can read the paper here www.orasec.com
Paul
Subscribe to:
Post Comments (Atom)
4 comments:
This is little scary. I must check if this is still issue in 10.2.0.3.
It will be very interesting blog for me.
Hi Paul,
When will you be publishing your security book? According to the web sites, it's past due:
http://www.rampant-books.com/book_2007_1_oracle_forensics.htm
Hi Pawel,
I think they fixed it in 10.2.0.3. but can't be sure unless you test for the vulnerability. Upgrades not always 100%.
Paul
Hi Don,
Thanks for your query and apologies for the delay. Work has been very busy. It will be soon.
Paul
Post a Comment