fixed_date parameter in Oracle 8i
From: Pete Finnigan (pete@peterfinnigan.demon.co.uk)Date: 11/19/01
- Previous message: Gary O'leary-Steele: "SQL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <Igoz+OAMaX+7EwW4@peterfinnigan.demon.co.uk> Date: Mon, 19 Nov 2001 21:15:56 +0000 To: PEN-TEST@securityfocus.com From: Pete Finnigan <pete@peterfinnigan.demon.co.uk> Subject: fixed_date parameter in Oracle 8i
Hi All
As a lot of people have been interested in what I have written in the
recent past about Oracle security I thought I would share a recent issue
I found on an Oracle security pentest / audit with everyone.
An application we looked at used the oracle system date SYSDATE quite
extensively in its functionality and calculations. It was possible to
cause mis-calculations in the system by altering a system parameter.
I have written a short paper describing this if anyone is interested.
Its at http://www.pentest-limited.com/fixed-date.htm.
regards,
Pete Finnigan
www.pentest-limited.com
-- Pete Finnigan IT Security Consultant PenTest LimitedOffice 01565 830 990 Fax 01565 830 889 Mobile 07974 087 885
pete.finnigan@pentest-limited.com
www.pentest-limited.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
- Previous message: Gary O'leary-Steele: "SQL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
