On 7/12/22 12:19, Noveljic Nenad wrote:
I found a way to escalate privileges from grid to root.
Am I allowed to publish the information on my blog?
Best regards,
Nenad
Don't do it. Once upon a time, I found the way to escalate
privileges to SYSDBA by using external job execution. I published
the details on the Usenet. I was being reproached even 2 years
after that. Even my boss at the time asked me whether I am trying
to get the company's databases hacked. Basically, I've got my 5
minutes of glory and several years of "what were you thinking?".
Pete Finnegan published that there was a vulnerability and I
played with the software, figured out what the vulnerability was,
and published the details. Today, I am sorry that I have. I
wouldn't do it today.
Mladen Gogala Database Consultant Tel: (347) 321-1217 https://dbwhisperer.wordpress.com-- //www.freelists.org/webpage/oracle-l