Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Alex has produced a detailed analysis of the Jan 2006 CPU

Alex has created a great analysis of the January 2006 Critical Patch Update (CPU Jan 2006). The page is titled "Details Oracle Critical Patch Update January 2006 - V1.06". The paper details all of the packages and functions/procedures that are vulnerable, along with the affected parameters where relevant; this section includes a lot of detailed information. The next section includes a mapping of security vulnerabilities in Oracle features and components. Then there is a section mapping Oracle vulnerability numbers to vulnerability types and affected versions. Alex also details the very simple password checker released with this patch, which is intended to be used to check for the default users mentioned in the recent Oracle worm. A much better default password checker is available on this site that checks for a much larger list of accounts.

Alex has advised me that this is a living document and will be updated as new information becomes available.