Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

fixed_date parameter in Oracle 8i

From: Pete Finnigan <pete () peterfinnigan demon co uk>
Date: Mon, 19 Nov 2001 21:15:56 +0000
Hi All

As a lot of people have been interested in what I have written in the
recent past about Oracle security I thought I would share a recent issue
I found on an Oracle security pentest / audit with everyone. 

An application we looked at used the oracle system date SYSDATE quite
extensively in its functionality and calculations. It was possible to
cause mis-calculations in the system by altering a system parameter.

I have written a short paper describing this if anyone is interested.
Its at http://www.pentest-limited.com/fixed-date.htm.

regards,
Pete Finnigan
www.pentest-limited.com

-- 
Pete Finnigan
IT Security Consultant
PenTest Limited

Office  01565 830 990
Fax     01565 830 889
Mobile  07974 087 885

pete.finnigan () pentest-limited com

www.pentest-limited.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: