Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Oracle Security Blasted

Re: Oracle Security Blasted

From: Ray Stell <stellr_at_cns.vt.edu>
Date: Fri, 7 Oct 2005 13:52:18 -0400
Message-ID: <20051007175218.GA5973@locust.cns.vt.edu>

Is that true? Are the Alert 68 holes still there? I thought I patched that about 4 or 5 times? ;)

> The real problem with this is not that the flaws
> Alert 68 supposedly fixed
> are still exploitable, but rather the approach
> Oracle took in attempting to
> fix these issues. One would expect that, given the
> length of time they took
> to deliver, these security "fixes" would be well
> considered and robust;
> fixes that actually resolve the security holes. The
> truth of the matter
> though is that this is not the case.

On Fri, Oct 07, 2005 at 09:40:36AM -0700, MacGregor, Ian A. wrote:
> Our security officer sent me this.
>
> Title: David Litchfield writes an open letter to the security community
> and Oracle customers
> Author: Pete Finnigan
> Source: Pete Finnigan's Oracle security weblog
>
> Excerpt:
>
> David is calling for Oracle customers to contact Oracle and demand a
> better security service and those customers should demand fixes. Cesars
> comments mirror those of David with some comparisons to Microsoft a few
> years ago and he also threatens to release a 0day remote exploit.
>
> For complete article see:
> http://www.petefinnigan.com/weblog/archives/00000576.htm
> http://www.securityfocus.com/archive/1/412666/30/0/threaded
> http://www.argeniss.com/products.html
>
> Ian MacGregor
> Stanford Linear Accelerator Center
> --
> http://www.freelists.org/webpage/oracle-l



Ray Stell stellr_at_vt.edu (540) 231-4109 Tempus fugit 28^D
--
http://www.freelists.org/webpage/oracle-l
Received on Fri Oct 07 2005 - 12:55:54 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US