January 2018 archive

SQL Injection on 12c CDBView package finally fixed on 180116

Since the last quarter of 2016, a very easy-to-exploit SQL injection has been public: with the combination of CREATE SESSION + EXECUTE_CATALOG_ROLE, a user could escalate his privileges to DBA. The first time I read about this leak was on Mahmoud Hatem's blog. This SQL injection affects 12.1.0.2 and 12.2.0.1 when the user has this …

Dissecting 180116 BP, PSU, RU and RUR

Since Oct-2017 I have been writing a quarterly post dissecting the changes implemented by Oracle CPUs so we can better understand the modifications Oracle makes to our databases. So what Oracle internal objects were changed in 180116?

VERSION              PATCH      OWNER                          TYPE                                TOTAL
-------------------- ---------- ------------------------------ ------------------------------ ----------
11.2.0.4             PSU & BP   SYS                            PACKAGE                                 1
11.2.0.4 …

Implementing Oracle Connection Manager with High Availability

One of the biggest problems we have in Oracle Cloud Infrastructure Classic is that when you provision an ExaCS you cannot assign "IP Network" addresses (also known as private IPs, e.g. 10.x.x.x) to your ExaCS machine. That being said, you have only 2 options if you want to connect your applications in Compute Classic (as …

Oracle Cloud Ashburn x Chicago bandwidth test

Recently I had to implement an Oracle Cloud "IAAS Classic" solution for databases and applications with DR environments, with Ashburn (uscom-east-1) as the primary region and Chicago (uscom-central-1) as the standby region. To make both regions talk securely over the internet, I had to implement a VPN connection between them. Before starting everything, …
