Since the last quarter of 2016, a very easy-to-exploit SQL injection has been public: with nothing more than CREATE SESSION plus EXECUTE_CATALOG_ROLE, a user could escalate their privileges to DBA. The first time I read about this flaw was on Mahmoud Hatem's blog. This SQL injection affects 12.1.0.2 and 12.2.0.1 when the user has this …
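Before worrying about the injection itself, the practical question is which accounts already hold the dangerous combination. The query below is an added check, not code from the original post: it walks nested role grants (a recursive subquery factoring clause, 11.2+) and lists every non-SYS/SYSTEM user that can log in (CREATE SESSION, directly, via a role, or via a grant to PUBLIC) and also holds EXECUTE_CATALOG_ROLE. The view names are the standard DBA_* views; the ORACLE_MAINTAINED column assumes 12.1 or later, which is the range the post says is affected.

```sql
-- Added check (not from the original post): which users hold both
-- CREATE SESSION and EXECUTE_CATALOG_ROLE, directly or through nested roles.
-- Grants to PUBLIC are treated as granted to every user, as Oracle does.
WITH role_closure (grantee, granted_role) AS (
  -- anchor: direct role grants to users, roles and PUBLIC
  SELECT grantee, granted_role
    FROM dba_role_privs
  UNION ALL
  -- recursive step: roles reachable through an already granted role
  SELECT rc.grantee, rp.granted_role
    FROM role_closure rc
    JOIN dba_role_privs rp ON rp.grantee = rc.granted_role
),
effective_sys_privs (grantee, privilege) AS (
  -- system privileges granted directly ...
  SELECT grantee, privilege
    FROM dba_sys_privs
  UNION
  -- ... or through any role in the closure
  SELECT rc.grantee, sp.privilege
    FROM role_closure rc
    JOIN dba_sys_privs sp ON sp.grantee = rc.granted_role
)
SELECT u.username,
       u.account_status,
       u.oracle_maintained            -- 12.1+: 'Y' for Oracle-supplied accounts
  FROM dba_users u
 WHERE u.username NOT IN ('SYS', 'SYSTEM')
   AND EXISTS (SELECT 1
                 FROM effective_sys_privs p
                WHERE p.grantee IN (u.username, 'PUBLIC')
                  AND p.privilege = 'CREATE SESSION')
   AND EXISTS (SELECT 1
                 FROM role_closure r
                WHERE r.grantee IN (u.username, 'PUBLIC')
                  AND r.granted_role = 'EXECUTE_CATALOG_ROLE')
 ORDER BY u.username;
```

Any OPEN account returned here that is not Oracle-maintained is a candidate for revoking EXECUTE_CATALOG_ROLE (or for applying the relevant CPU) before anything else; a row for PUBLIC-granted EXECUTE_CATALOG_ROLE would mean every account in the database is in scope.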
Category: Database Security
Jan 23
Dissecting 180116 BP, PSU, RU and RUR
Since Oct-2017 I have been writing a quarterly post dissecting the changes implemented by Oracle CPUs, so we can better understand the modifications Oracle makes in our databases. So which Oracle internal objects were changed in 180116?

VERSION              PATCH      OWNER                          TYPE                           TOTAL
-------------------- ---------- ------------------------------ ------------------------------ ----------
11.2.0.4             PSU & BP   SYS                            PACKAGE                                 1
11.2.0.4             …
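The post builds its table by comparing catalogs across versions and patch types. As an added example, and not the post's own method, the query below approximates one row group of that table for a single 12.1+ database: it takes the most recent patch recorded by datapatch in DBA_REGISTRY_SQLPATCH and counts the SYS-owned objects whose LAST_DDL_TIME is at or after that apply time, grouped by object type. The VERSION/PATCH columns are filled from V$INSTANCE and the patch registry; on 11.2.0.4, which has no DBA_REGISTRY_SQLPATCH, DBA_REGISTRY_HISTORY would have to be used instead.

```sql
-- Added example (not the post's own method): a rough, single-database version
-- of the post's VERSION / PATCH / OWNER / TYPE / TOTAL summary.
-- Assumption: the last datapatch run in DBA_REGISTRY_SQLPATCH is the CPU of interest.
SELECT (SELECT version FROM v$instance)                          AS version,
       (SELECT MAX(patch_id) KEEP (DENSE_RANK LAST ORDER BY action_time)
          FROM dba_registry_sqlpatch)                            AS patch,
       o.owner,
       o.object_type                                             AS type,
       COUNT(*)                                                  AS total
  FROM dba_objects o
 WHERE o.owner = 'SYS'
   -- objects touched (created, replaced or recompiled) since that patch was applied
   AND o.last_ddl_time >= (SELECT MAX(action_time) FROM dba_registry_sqlpatch)
 GROUP BY o.owner, o.object_type
 ORDER BY o.owner, o.object_type;
```

Treat the counts as an upper bound: LAST_DDL_TIME also moves on recompilation (for example utlrp.sql after the patch) and on grants, so an object can show up without its source having changed. A faithful "what did the CPU change" answer needs a before/after comparison of the object source or its hash, which is what the quarterly posts are built on.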
May 10
Removing exposed HTTP Digest hash from user$ in Oracle 12.1
Background: Oracle 12.1 introduced a lot of cool new security features and improvements; we all agree on that. However, one of the most bizarre and insecure things Oracle did in this release was introducing HTTP Digest authentication to allow XDB users to log in. The new EM Express (Enterprise Manager Database Express) is one of the …
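A quick way to see how exposed a 12.1 database is, as an added check that is not from the original post: in 12.1 the password verifiers are stored in SYS.USER$.SPARE4 as a ';'-separated list whose entries are prefixed S: (SHA-1 verifier), H: (the HTTP Digest hash the post is about) and T: (the 12c verifier); that layout is an assumption stated here, not something the excerpt spells out. The query lists every user account that still carries an H: entry, showing only which verifier types are present and never the hash values themselves. It must run as SYS, since USER$ is not readable by other users.

```sql
-- Added check (not from the original post). Assumption: SPARE4 holds
-- 'S:<hex>;H:<hex>;T:<hex>' style entries in 12.1; H: is the HTTP Digest hash.
SELECT u.name,
       -- strip the hex values, leaving only the verifier prefixes, e.g. 'S;H;T'
       REGEXP_REPLACE(u.spare4, '([A-Z]):[0-9A-F]+', '\1') AS verifier_types
  FROM sys.user$ u
 WHERE u.type# = 1                 -- 1 = user, 0 = role
   AND u.spare4 LIKE '%H:%'        -- an HTTP Digest hash is still stored
 ORDER BY u.name;
```

After removing the digest hash for an account, the same query should no longer return it. Keep in mind that the H: value is what any reader of USER$ (or of a backup, export or trace that contains it) can use against HTTP Digest, so the check is worth repeating after password changes, which may regenerate the entry.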
Jan 16
OAV-46511: missing plugin for trail at agent on host
Recently, after deploying a new AV agent and trying to set up a new audit trail, I started receiving a strange "OAV-46511: missing plugin for trail at agent on host" error, as below: The agent had just been deployed, so there was no reason for it to be missing the plugins. After researching a little, I found …
Jan 12
Audit Vault installation fails with "Unable to run Clusterware root script"
Today I was installing Audit Vault 12.2.0.4.0 and started receiving an error saying "Unable to run Clusterware root script" in the final step. After researching a little, I first found out that I was not meeting the prerequisites for the 12.2 installation, only those for 12.1. For 12.1 (https://docs.oracle.com/cd/E37100_01/doc.121/e27778/preinstall.htm#SIGIG292): Memory Requirements - Each x86 64-bit server must have at …