Re: Security privilege escalation

From: Mladen Gogala <gogala.mladen_at_gmail.com>
Date: Tue, 12 Jul 2022 21:48:51 -0400
Message-ID: <4c364275-d934-7d0c-c2ea-685ce91bf19d_at_gmail.com>

On 7/12/22 12:19, Noveljic Nenad wrote:

I found a way to escalate privileges from grid to root.

Am I allowed to publish the information on my blog?

Best regards,

Nenad

Don't do it. Once upon a time, I found the way to escalate privileges to SYSDBA by using external job execution. I published the details on the Usenet. I was being reproached even 2 years after that. Even my boss at the time asked me whether I am trying to get the company's databases hacked. Basically, I've got my 5 minutes of glory and several years of "what were you thinking?". Pete Finnegan published that there was a vulnerability and I played with the software, figured out what the vulnerability was, and published the details. Today, I am sorry that I have. I wouldn't do it today.

Mladen Gogala
Database Consultant
Tel: (347) 321-1217
https://dbwhisperer.wordpress.com

-- http://www.freelists.org/webpage/oracle-l Received on Wed Jul 13 2022 - 03:48:51 CEST

This message: [ Message body ]
Next message: Clay Jackson: "RE: Security privilege escalation"
Previous message: Sanjay Mishra: "Re: Segment Growth Tracking"
In reply to: Noveljic Nenad: "Security privilege escalation"
Next in thread: Clay Jackson: "RE: Security privilege escalation"
Reply: Clay Jackson: "RE: Security privilege escalation"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message