Oracle Data Redaction is Broken

[<david () databasesecurity com>]

Hey all,
As part of yesterday’s Critical Patch Update, Oracle fixed 3 security flaws 
in data redaction services – one a privilege escalation vulnerability and 
two redaction bypass methods. I reported these issues to Oracle in November 
last year and have documented them here: 
http://www.davidlitchfield.com/Oracle_Data_Redaction_is_Broken.pdf
Cheers,
David 


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/