Oracle database; not so "unbreakable" as one would think

Thursday Feb 4th 2010 by DatabaseJournal.com Staff

Zero-day vulnerability exposed in Oracle 11g gives user full and complete control.

At a recent security conference, David Litchfield, researcher at NGS Consulting, offered up a demonstration that exposed how a user could bypass Oracle Label Security and take complete control over an Oracle 11g database—granting himself system level privileges.

And while Litchfield has devoted ample time finding such security vulnerabilities in Oracle, Litchfield is reportedly moving on to other pastures—possibly computer forensics. Leaving on a high note, Litchfield grades Oracle with a B+ for security in the current Oracle 11g database but also added he thought Oracle was placing too much of the responsibility of security on third-party security tools.

Mobile Site | Full Site