Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Oracle 0-day to get SYSDBA access to the database
Nov 12 2007 01:14PM
pete petefinnigan com
Tanel Poder has found a way to get SYSDBA access to the Oracle database by utilising a user who has the BECOME USER system privilege, execute privileges on KUPP$PROC.CHANGE_USER and CREATE SESSION. he shows how a user with these privileges can become SYS (but not SYSDBA) and then use an immediate de...
[ more ]
Copyright 2010, SecurityFocus