Re: Recent Oracle exploit is _actually_ an 0day with no patch

To: "Kornbrust, Alexander" <ak@xxxxxxxxxxxxxxxxxxxxxxxxx>, "Cesar" <cesarc56@xxxxxxxxx>, "Steven M. Christey" <coley@xxxxxxxxx>
Subject: Re: Recent Oracle exploit is _actually_ an 0day with no patch
From: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>
Date: Fri, 28 Apr 2006 22:40:37 +0100
Cc: <bugtraq@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <1C09DF36EB7A3F489633C919E741350162C757@xxxxxxxxxxxxxxxxxxxxxx>

Alexander Kornbrust wrote:

Currently I have 40+ OPEN/UNFIXED security issues in Oracle products. A
detailed list from Oracle secalert (Report March 2006) can be found at
the end of this email or (the latest version) on my webpage:


<SNIP>

If Cesar, Esteban and David have a similar number of open security bugs,

Between my bugs, Paul Wright's and my brother Mark's, I can confirmNGSSoftware are waiting on 63 vulnerabilities being fixed. Over 80% of theseissues are critical/high and allow an attacker to gain DBA privs.


Cheers,
David Litchfield
NGSSoftware Ltd
http://www.ngssoftware.com/
+44 (0) 208 401 0070

References:
- RE: Recent Oracle exploit is _actually_ an 0day with no patch
  - From: Kornbrust, Alexander

Prev by Date: Re: Apple Mac OS X Safari 2.0.3 Vulnerability
Next by Date: Re: phpMyForum Cross Site Scripting & CRLF injection
Previous by thread: RE: Recent Oracle exploit is _actually_ an 0day with no patch
Next by thread: [ MDKSA-2006:076 ] - Updated mozilla packages fix numerous vulnerabilities
Index(es):
- Date
- Thread