Black Hat: Zero-day hack of Oracle 11g database revealed - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Black Hat: Zero-day hack of Oracle 11g database revealed

User Rating:

How can I rate this item?

Source: Network World - Posted by Alex

A well-known security researcher yesterday showed how to subvert security in the Oracle 11g database by exploiting zero-day vulnerabilities that would let a savvy user gain full and complete control. Researcher claims hack of processor used to secure Xbox 360, other products David Litchfield, a researcher at NGS Consulting, demonstrated how a user can subvert security to elevate his privileges to take complete control over Oracle 11g and also showed how to bypass the Oracle Label Security used to set mandatory access controls over information depending on security level. At the same time, Litchfield announced this was his final day at NGS, saying he was considering changing his focus to computer forensics.

The security-industry veteran said ever since he heard Oracle's chief Larry Ellison touting his database as being "unbreakable, I took umbrage at that." Litchfield noted he and Oracle have had a "rocky relationship" for a long time.

Read this full article at Network World