Re: Oracle Data Redaction is Broken

  • From: Tim Gorman <tim@xxxxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Wed, 16 Jul 2014 08:47:43 -0600

David,

Your paper from last November listed three bypass methods (i.e. RETURNING INTO, XMLQuery, and iterative inference) along with the escalation vulnerability, which makes a total of four problems. Is the iterative inference method the one which is still remaining?

I looked at the README <https://updates.oracle.com/Orion/Services/download?type=readme&aru=17639413> for patch 18522516 (DB PSU 12.1.0.1.4) and couldn't find direct references to security bugs or anything involving "redaction" or "xmlquery", but I did find some generically named fixed bugs (highlighted in red typeface below) whose description I can't seem to reference within MOS...

   _Oracle Security_

       14595800 - CONTEXT INDEX ON FGA POLICY ENABLE TABLE WITH XMLTYPE COLUMN FAILS
       15953721 - TT12.1SQLFUZZ2: FAILED LOGIN ATTEMPT FOR PROXY USER INCREASED WHEN ORA-1948 RAIS
       16969016 - LNX_MAIN: ORA-600 [KZDUSERPRIVILEGEUPDATE-1]
       16703112 - Fix for bug 16703112
       17006570 - Fix for bug 17006570
       17786278 - Fix for bug 17786278
       18061914 - Fix for bug 18061914
       18096714 - Fix for bug 18096714
       18554871 - Fix for bug 18554871
       19049453 - Fix for bug 19049453

   _XML Utilities_

       17158214 - ORA-4031 FATAL OUT-OF-MEMORY CRASH ON NT EXECUTING LPXXSLINITIALIZECTX API
       15905421 - Fix for bug 15905421


Just curious how you were informed that three of the four bugs had been addressed, and which of the four is still remaining?

Thanks so much!

-Tim

On 7/16/14, 6:45, david@xxxxxxxxxxxxxxxxxxxx wrote:
Hey all,
As part of yesterday’s Critical Patch Update, Oracle fixed 3 security flaws in data redaction services – one a privilege escalation vulnerability and two redaction bypass methods. I reported these issues to Oracle in November last year and have documented them here: http://www.davidlitchfield.com/Oracle_Data_Redaction_is_Broken.pdf
Cheers,
David
