[dbsec] Re: New Database Security Brief
- From: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>
- To: <dbsec@xxxxxxxxxxxxx>
- Date: Fri, 18 Nov 2005 15:28:05 -0000
I've just uploaded another database security brief - this one explores
extproc and risks posed by UTL_TCP.
Cheers,
David
> -----Original Message-----
> From: dbsec-bounce@xxxxxxxxxxxxx
> [mailto:dbsec-bounce@xxxxxxxxxxxxx] On Behalf Of David Litchfield
> Sent: 18 November 2005 14:26
> To: dbsec@xxxxxxxxxxxxx
> Subject: [dbsec] New Database Security Brief
>
> I've just put up a Database Security Brief; the first of many to come.
>
> http://www.databasesecurity.com/dbsec-briefs.htm
>
> It's called a brief because there's enough meat to make it
> interesting but not enough to make it a paper ;)
>
> This brief, Snagging Security Tokens to Elevate Privileges,
> details how a database server running as a low privileged
> user on Windows can still provide an attacker with the
> ability to gain elevated privileges on the network and
> suggests a change in security policy to mitigate the risk. As
> a side note, this affects all network servers that offer OS
> based authentication - not just database servers.
>
> Cheers,
> David