[Previous entry: "New attack technique puts Oracle in crosshairs"] [Next entry: "More Oracle exploits"]
Researcher charts new, more dangerous Oracle attack
March 5th, 2007 by Pete
Post to del.icio.us
Post to Furl
Researcher charts new, more dangerous Oracle attack - The flaw could increase the dangers for unpatched systems -
"February 27, 2007 (Computerworld) -- In a paper he plans to discuss Wednesday at the Black Hat DC 2007 conference, noted database security researcher David Litchfield is expected to outline a new attack method against Oracle databases that boosts the danger to unpatched systems.
Litchfield, the managing director of U.K.-based NGSSoftware (Next Generation Security Software), has found a way to exploit Oracle vulnerabilities without requiring system privileges. The new tactic, which he spelled out in "Cursor Injection: A New Method for Exploiting PL/SQL Injection and Potential Defences (download PDF), increases the threat risk of many Oracle-disclosed bugs."
