There's quite a security leak in Oracle 11G release 2. You are warned. No patch or workaround known (not installing Java - would that be an option?)
Found on c't (German magizine, see link in title), announced on the Black Hat conference by
David Litchfield.
Update
First line of defense: revoke all on DMBS_JAVA, DBMS_JAVA_TEST and DBMS_JVM_EXP_PERMS from PUBLIC.
Update 2
Here's a link to an
English version of the original article. Note the
"How-to" video is available (again).
No comments:
Post a Comment