<<< Date Index >>>     <<< Thread Index >>>

RE: Oracle 10g 10.2.0.2.0 DBA exploit



Patches for 10.2.0.2.0 have been released but the bug is not solved. Patches for other plattforms (such as HPUX or AIX) have been re-scheduled. It's not important because ANY plattform (even with latest CPU) is vulnerable.

An exploit for Oracle 10.2.0.2.0 was published by N1v1hD $3c41r3 and exploits for Oracle 8.1.7.4 and Oracle 9.2.0.7 have been published by David Litchfield.

How can I say to my customers that they need to wait for 2 months to have the solution for an stupid issue that can compromise the fully database server?

How can I say to my customers "Hey! Sorry! But Oracle have been tried to solve the f*ing issue about 3 or 4 times but they failed. You need to wait 2 months (again) for a fix that may or may not solve the vulnerability."

_________________________________________________________________
Acepta el reto MSN Premium: Correos más divertidos con fotos y textos increíbles en MSN Premium. Descárgalo y pruébalo 2 meses gratis. http://join.msn.com?XAPID=1697&DI=1055&HL=Footer_mailsenviados_correosmasdivertidos