Bugtraq mailing list archives
Re: Recent Oracle exploit is _actually_ an 0day with no patch
From: "David Litchfield" <davidl () ngssoftware com>
Date: Fri, 28 Apr 2006 22:40:37 +0100
Alexander Kornbrust wrote:
Currently I have 40+ OPEN/UNFIXED security issues in Oracle products. A detailed list from Oracle secalert (Report March 2006) can be found at the end of this email or (the latest version) on my webpage:
<SNIP>
If Cesar, Esteban and David have a similar number of open security bugs,
Between my bugs, Paul Wright's and my brother Mark's, I can confirm NGSSoftware are waiting on 63 vulnerabilities being fixed. Over 80% of these issues are critical/high and allow an attacker to gain DBA privs.
Cheers, David Litchfield NGSSoftware Ltd http://www.ngssoftware.com/ +44 (0) 208 401 0070
Current thread:
- Recent Oracle exploit is _actually_ an 0day with no patch David Litchfield (Apr 26)
- <Possible follow-ups>
- Re: Recent Oracle exploit is _actually_ an 0day with no patch Steven M. Christey (Apr 28)
- Re: Recent Oracle exploit is _actually_ an 0day with no patch David Litchfield (Apr 28)
- RE: Recent Oracle exploit is _actually_ an 0day with no patch Kornbrust, Alexander (Apr 28)
- Re: Recent Oracle exploit is _actually_ an 0day with no patch David Litchfield (Apr 30)