BugTraq
RE: Oracle 10g 10.2.0.2.0 DBA exploit May 01 2006 03:27PM
putosoft softputo (hasecorp hotmail com)
Patches for 10.2.0.2.0 have been released but the bug is not solved. Patches
for other plattforms (such as HPUX or AIX) have been re-scheduled. It's not
important because ANY plattform (even with latest CPU) is vulnerable.

An exploit for Oracle 10.2.0.2.0 was published by N1v1hD $3c41r3 and
exploits for Oracle 8.1.7.4 and Oracle 9.2.0.7 have been published by David
Litchfield.

How can I say to my customers that they need to wait for 2 months to have
the solution for an stupid issue that can compromise the fully database
server?

How can I say to my customers "Hey! Sorry! But Oracle have been tried to
solve the f*ing issue about 3 or 4 times but they failed. You need to wait 2
months (again) for a fix that may or may not solve the vulnerability."

_________________________________________________________________
Acepta el reto MSN Premium: Correos más divertidos con fotos y textos
increíbles en MSN Premium. Descárgalo y pruébalo 2 meses gratis.
http://join.msn.com?XAPID=1697&DI=1055&HL=Footer_mailsenviados_correosma
sdivertidos

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus