I've stepped today at ORASEC blog by Paul Wright. I've found this issue a big problem. Anybody that is using Oracle client on windows can quite easy get DBA rights by editing client9.dll file. I've to check if this is still problem with latest Oracle 10.2.0.3 release.
Cheers, Paweł
Subscribe to:
Post Comments (Atom)
1 comment:
I cannot reproduce this bug on Oracle 10.2.0.2 and 10.2.0.3. When I run sql*plus it gives 'ORA-00604: error occurred at recursive SQL level 1
ORA-01031: insufficient privileges' and does not log on.
So these versions seems to be safe.
Post a Comment