Image by RaghuP via Flickr
At the Blackhat Conference in Washington D.C., David Litchfield revealed a privilege escalation session and scripts that could be used by anyone with basic session access to gain administrative privilege to a Oracle 11g database and administrative access to the operating system files.
One of the interesting topics in the beginning of the presentation was that of the amount of security vulnerabilities reported by Oracle or other researchers compared to the number reported against Microsoft SQL Server 2005 and 2008. Although I would have expected the complete reverse on the the number of vulnerabilities reported against each product. David used Java calls in Oracle Aurora to gain access.
Oracle and Java Stored Procedures
SOURCE: FORBES.COM
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=4eaf4007-79cf-4988-ac52-38a82f98db41)
Leave a comment