Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "SQLGotcha 4.0 beta released on Sourceforge"] [Next entry: "Site downtime"]

4 new Oracle exploits released



Alex has added 4 new exploits to the exploits section of his website. These are for bugs that have been fixed in recent CPU's. The exploits are:

"SQL Injection via Oracle KUPV$FT in Oracle 10g R1" - This is an interesting exploit based on the Bunker exploit on the same function. The interesting thing is the IDS evasion technique used to translate the calls into meaningless text using the translate function. It can be used to gain DBA privileges

"SQL Injection via Oracle KUPM$MCP in Oracle 10g R1" - Similar to the exploit above but without the IDS evasion techniques

"SQL Injection via Oracle KUPW$WORKER in Oracle 10g R1 - again similar to the first exploit and again based on the bunker exploit and also showing again the IDS evasion techniques.

"Local Privilege Escalation in Oracle 10g R2" - This exloit can be used to gain DBA privileges locally on a Windows box. This is Cesar Cerrudo's recent exploit, the C code is based on the NULL DACL issues that David Litchfield revealed on the Oracle-L list and also in his recent book.