A well-known security researcher yesterday showed how to subvert security in the Oracle 11g database by exploiting zero-day vulnerabilities that would let a savvy user gain full and complete control.
David Litchfield, a researcher at NGS Consulting, demonstrated how a user can subvert security to elevate his privileges and take complete control over Oracle 11g. He also showed how to bypass Oracle Label Security, which is used to set mandatory access controls over information depending on security level. At the same time, Litchfield announced this was his final day at NGS, saying he was considering changing his focus to computer forensics.

The security-industry veteran said that ever since he heard Oracle's chief Larry Ellison touting his database as being "unbreakable," he "took umbrage at that." Litchfield noted he and Oracle have had a "rocky relationship" for a long time.

The link for this article located at Network World is no longer available.