Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Researcher charts new, more dangerous Oracle attack



Researcher charts new, more dangerous Oracle attack - The flaw could increase the dangers for unpatched systems

"February 27, 2007 (Computerworld) -- In a paper he plans to discuss Wednesday at the Black Hat DC 2007 conference, noted database security researcher David Litchfield is expected to outline a new attack method against Oracle databases that boosts the danger to unpatched systems.

Litchfield, the managing director of U.K.-based NGSSoftware (Next Generation Security Software), has found a way to exploit Oracle vulnerabilities without requiring system privileges. The new tactic, which he spelled out in "Cursor Injection: A New Method for Exploiting PL/SQL Injection and Potential Defences" (download PDF), increases the threat risk of many Oracle-disclosed bugs."