[dbsec] Re: New Database Security Brief

  • From: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>
  • To: <dbsec@xxxxxxxxxxxxx>
  • Date: Fri, 18 Nov 2005 15:28:05 -0000

 
I've just uploaded another database security brief - this one explores
extproc and risks posed by UTL_TCP.
Cheers,
David


> -----Original Message-----
> From: dbsec-bounce@xxxxxxxxxxxxx 
> [mailto:dbsec-bounce@xxxxxxxxxxxxx] On Behalf Of David Litchfield
> Sent: 18 November 2005 14:26
> To: dbsec@xxxxxxxxxxxxx
> Subject: [dbsec] New Database Security Brief
> 
> I've just put up a Database Security Brief; the first of many to come.
> 
> http://www.databasesecurity.com/dbsec-briefs.htm
> 
> It's called a brief because there's enough meat to make it 
> interesting but not enough to make it a paper ;)
> 
> This brief, Snagging Security Tokens to Elevate Privileges, 
> details how a database server running as a low privileged 
> user on Windows can still provide an attacker with the 
> ability to gain elevated privileges on the network and 
> suggests a change in security policy to mitigate the risk. As 
> a side note, this affects all network servers that offer OS 
> based authentication - not just database servers.
> 
> Cheers,
> David
> 
> 
> 
> 

