Friday, February 05, 2010

There's quite a leak in 11G

There's quite a security leak in Oracle 11G release 2. You are warned. No patch or workaround known (not installing Java - would that be an option?)
Found on c't (German magazine, see link in title), announced at the Black Hat conference by David Litchfield.


First line of defense: revoke all on DBMS_JAVA, DBMS_JAVA_TEST and DBMS_JVM_EXP_PERMS from PUBLIC.
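
The revoke above as a checked procedure. This is an added example, not part of the original post or of Oracle's guidance. It assumes a SQL*Plus session connected AS SYSDBA and that the three packages are owned by SYS.

```sql
-- Added example. Assumptions: connected AS SYSDBA; packages owned by SYS.

-- 1. Record what PUBLIC currently holds on the three packages,
--    so the change can be reverted if an application breaks.
SELECT owner, table_name, privilege, grantor
FROM   dba_tab_privs
WHERE  grantee    = 'PUBLIC'
AND    owner      = 'SYS'
AND    table_name IN ('DBMS_JAVA', 'DBMS_JAVA_TEST', 'DBMS_JVM_EXP_PERMS')
ORDER  BY table_name, privilege;

-- 2. Find code outside SYS that references the packages, directly or
--    through a public synonym. These owners may have been relying on
--    the PUBLIC grant and may need a direct grant afterwards.
SELECT owner, name, type, referenced_owner, referenced_name
FROM   dba_dependencies
WHERE  referenced_owner IN ('SYS', 'PUBLIC')
AND    referenced_name  IN ('DBMS_JAVA', 'DBMS_JAVA_TEST', 'DBMS_JVM_EXP_PERMS')
AND    owner <> 'SYS'
ORDER  BY owner, name;

-- 3. Revoke from PUBLIC. A package listed with no rows in step 1 has
--    nothing to revoke and raises ORA-01927; skip it.
REVOKE ALL ON sys.dbms_java          FROM PUBLIC;
REVOKE ALL ON sys.dbms_java_test     FROM PUBLIC;
REVOKE ALL ON sys.dbms_jvm_exp_perms FROM PUBLIC;

-- 4. Verify: this must now return no rows.
SELECT table_name, privilege
FROM   dba_tab_privs
WHERE  grantee    = 'PUBLIC'
AND    owner      = 'SYS'
AND    table_name IN ('DBMS_JAVA', 'DBMS_JAVA_TEST', 'DBMS_JVM_EXP_PERMS');

-- 5. Check for objects invalidated by the revoke, and compare the
--    owners against the output of step 2.
SELECT owner, object_name, object_type
FROM   dba_objects
WHERE  status = 'INVALID'
ORDER  BY owner, object_name;
```

Keep the output of steps 1 and 2: it is the record of which grants existed and which schemas need an explicit grant instead of the PUBLIC one.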

Update 2

Here's a link to an English version of the original article. Note the "How-to" video is available (again).
