RE: April CPU 2014

  • From: Sayan Sergeevich Malakshinov <malakshinovss@xxxxxxxxx>
  • To: oracle@xxxxxxxxxxxxx
  • Date: Wed, 30 Apr 2014 16:30:08 +0400

BTW, another security vulnerability was fixed in one of the latest 
patches (this vulnerability is not present, at least, after the January 
Exadata patch bundle and CPUAPR2014) that allows update/delete/insert on 
tables with only the "select" grant. 
I found it later than it was fixed in the main codeline, but this 
vulnerability wasn't listed in the CPU advisories.

--
Best regards,
Sayan Malakshinov
http://orasql.org
root@xxxxxxxx

oracle-l-bounce@xxxxxxxxxxxxx wrote 2014-04-30 15:47:45:
> 
> April CPU 2014
> 
> Hello List,
> 
> April CPU 2014 for DB will be of interest for high security environments 
> i.e. two privilege escalations I found have kindly been fixed by Oracle.
> http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixDB
> There are details about the fixed issues in the book just released 
> http://www.apress.com/9781430262114 - though it is mainly about defence 
> both in terms of using CC to reduce risk on large estates, and also how to 
> make privileged access controls like breakglass more effective, which again 
> will be of interest for the sec minded folks wanting to make their DB 
> environments safer.
> 
> Cheers,
> Paul
> www.oraclesecurity.com 
