| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 01 May 2006 15:27:31 +0000 From: "putosoft softputo" <hasecorp@...mail.com> To: bugtraq@...urityfocus.com Cc: davidl@...software.com, cesar@...eniss.com, ak@...-database-security.com, Mary.Ann.Davidson@...cle.com Subject: RE: Oracle 10g 10.2.0.2.0 DBA exploit Patches for 10.2.0.2.0 have been released but the bug is not solved. Patches for other plattforms (such as HPUX or AIX) have been re-scheduled. It's not important because ANY plattform (even with latest CPU) is vulnerable. An exploit for Oracle 10.2.0.2.0 was published by N1v1hD $3c41r3 and exploits for Oracle 8.1.7.4 and Oracle 9.2.0.7 have been published by David Litchfield. How can I say to my customers that they need to wait for 2 months to have the solution for an stupid issue that can compromise the fully database server? How can I say to my customers "Hey! Sorry! But Oracle have been tried to solve the f*ing issue about 3 or 4 times but they failed. You need to wait 2 months (again) for a fix that may or may not solve the vulnerability." _________________________________________________________________ Acepta el reto MSN Premium: Correos más divertidos con fotos y textos increíbles en MSN Premium. Descárgalo y pruébalo 2 meses gratis. http://join.msn.com?XAPID=1697&DI=1055&HL=Footer_mailsenviados_correosmasdivertidos
Powered by blists - more mailing lists