Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Oracle Security Blasted

Re: Oracle Security Blasted

From: Paul Drake <bdbafh_at_gmail.com>
Date: Fri, 7 Oct 2005 14:49:58 -0400
Message-ID: <910046b40510071149u3cedf6fewb5c47eee1369b36a@mail.gmail.com>


On 10/7/05, Ray Stell <stellr_at_cns.vt.edu> wrote:
>
>
> Is that true? Are the Alert 68 holes still there? I thought I
> patched that about 4 or 5 times? ;)
>
> > The real problem with this is not that the flaws
> > Alert 68 supposedly fixed
> > are still exploitable, but rather the approach
> > Oracle took in attempting to
> > fix these issues. One would expect that, given the
> > length of time they took
> > to deliver, these security "fixes" would be well
> > considered and robust;
> > fixes that actually resolve the security holes. The
> > truth of the matter
> > though is that this is not the case.

Gratuitous Homer Simpson quote:

"mmmmmmmmm ... placebo <drool>".

Pd

On Fri, Oct 07, 2005 at 09:40:36AM -0700, MacGregor, Ian A. wrote:
> > Our security officer sent me this.
> >
> > Title: David Litchfield writes an open letter to the security community
> > and Oracle customers
> > Author: Pete Finnigan
> > Source: Pete Finnigan's Oracle security weblog
> >
> > Excerpt:
> >
> > David is calling for Oracle customers to contact Oracle and demand a
> > better security service and those customers should demand fixes. Cesars
> > comments mirror those of David with some comparisons to Microsoft a few
> > years ago and he also threatens to release a 0day remote exploit.
> >
> > For complete article see:
> > http://www.petefinnigan.com/weblog/archives/00000576.htm
> > http://www.securityfocus.com/archive/1/412666/30/0/threaded
> > http://www.argeniss.com/products.html
> >
> > Ian MacGregor
> > Stanford Linear Accelerator Center
> > --
> > http://www.freelists.org/webpage/oracle-l
> ============================================================
> Ray Stell stellr_at_vt.edu (540) 231-4109 Tempus fugit 28^D
> --
> http://www.freelists.org/webpage/oracle-l
>

--
#/etc/init.d/init.cssd stop
# f=ma, divide by 1, convert to moles.

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Oct 07 2005 - 13:53:47 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US