News, views, tips and tricks on Oracle and other fun stuff

And you thought your patched Oracle database was secure

The latest quarterly Critical Patch Update for Oracle 10gR2 does not plug a hole that allows published attack code to run.

The recent Oracle exploit posted to Bugtraq (http://www.securityfocus.com/archive/1/431353) is actually an 0day and has no patch. The patch for 10g Release 2 for April 2006 Critical Patch Update does _not_ contain a fix for the specific flaw that the exploit takes advantage of. As it happens, this specific flaw was reported to Oracle on the 19th of February 2006.

This is according to David Litchfield.

Ok! Now what?

(via digg)
