Two papers on Oracle 11g Security
Hey all,
Since there seems to be a fair bit of disinformation, and utter nonsense,
floating around since my talk at the Black Hat Federal security conference
the other day, I have decided to publish the following papers.
http://www.databasesecurity.com/HackingAurora.pdf
http://www.databasesecurity.com/ExploitingPLSQLinOracle11g.pdf
Whilst the papers were written on the 14th and 21st of October respectively,
Oracle were informed on these issues discussed in these papers on the 11th
and 13th of October 2009.
The slides from the talk can be found here:
http://www.databasesecurity.com/bh-DC2010.pdf
Cheers,
David Litchfield
Ïà¹ØÎĵµ£º
¼ÙÉèÓÐÕÅ±í£¬½Ðtable1£¬ÀïÃæÓÐ5000ÍòÐÐÊý¾Ý£¬¼ÙÉèÔ¤¼ÆÈ«±íɨÃè1´ÎÐèÒª1¸öСʱ£¬ÎÒÃÇ´Ó¹ý³ÌÀ´¿´£º
1¡¢ÔÚ1µãÖÓ£¬ÓиöÓû§A·¢³öÁËselect * from table1;´Ëʱ²»¹Ü½«À´table1Ôõô±ä»¯£¬ÕýÈ·µÄ½á¹ûÓ¦¸ÃÊÇÓû§A»á¿´µ½ÔÚ1µãÖÓÕâ¸öʱ¿ÌµÄÄÚÈÝ¡£Õâ¸öÊÇûÓÐÒÉÎʵġ£
2¡¢ÔÚ1µã30·Ö£¬ÓиöÓû§BÖ´ÐÐÁËupdateÃüÁ¸üÐÂÁËtable1±íÖеĵ ......
1.×¼±¸¹¤×÷£º
°²×°32λ»ò64λRHEL5.4£¬°²×°Ïòµ¼Öв»ÐèҪѡÈκÎ×é¼þ£¬²»ÐèÒªÔ¤ÅäÖÃÈκÎÓû§£¬IPÊÇDHCP»ò¾²Ì¬½Ô¿É¡£
°²×°ºóÅäÖöîÍâ×é¼þ£º
yum -y install libXp,make,binutils,gcc,kernel-headers,glibc-headers,glibc-devel,libgomp
ÔÚx86_64ÉÏ»¹ÐèÒªcompat-libstdc++-33.x86_64
¶Ôx86£¬ÉÏ´«²¢½âѹ10201_database_lin ......
ÍøÉÏÓкܶàµÄ×ÊÁÏ£¬²Î¿¼itput£¨http://space.itpub.net/471666/viewspace-215923£©µÄ¡£
OS : Redhat
DB : Oracle 10.2.0.4.0
1.ÐÞ¸Äjdk ÏÂÃæµÄ×ÖÌå¡£
[oracle@a ~]$ cd $ORACLE_HOME/jdk/jre/lib/
[oracle@a ~]]$ mv font.properties font.properties_bak
[oracle@a ~]]$
[oracle@a ~]]$ cp font.properties.zh_CN.R ......
http://tech.163.com/05/0701/10/1NIODMQS00091589.html
ÒòΪÔÚPL/SQL Öв¢Ã»ÓÐÊý×é.
ÕâÊÇż²é×ÊÁÏÕҵķ¶ÀýºÍ×Ô¼ºÐ´µÄ·¶ÀýÀ´½âÊÍÈçºÎÔÚPL/SQL ÖÐʹÓÃÊý×é. Ò²ÐíºÜ¶àÈËÒÑÖªµÀ, ²»¹ý¾ÍÊÇÈò»ÖªµÀµÄÅóÓÑÃÇÁ˽âһϰɡ£
----------------------
µ¥Î¬Êý×é
------------------------
DECLARE
TYPE
emp_ssn_array IS TA ......
Oracle JDeveloper 10g Release Download
Oracle JDeveloper 10g (version 9.0.5.1, build 1605) for Windows NT/2000/X, Linux, Solaris, and HP-UX.
http://download.oracle.com/otn/java/jdeveloper/905/jdev9051.zip
http://download-east.oracle.com/otn/java/jdeveloper/905/jdev9051.zip
http://download-west ......
