Information Security News mailing list archives
Re: 34 flaws found in Oracle database software
From: InfoSec News <isn () c4i org>
Date: Mon, 9 Aug 2004 07:43:28 -0500 (CDT)
Forwarded from: security curmudgeon <jericho () attrition org>

[Few comments on this article.. -jericho]

: http://www.computerworld.com/securitytopics/security/story/0,10801,95013,00.html
:
: By Jaikumar Vijayan
: AUGUST 03, 2004
: COMPUTERWORLD
:
: Oracle Corp. will soon issue patches to fix 34 different vulnerabilities
: in its database software that were disclosed to it early this year by a
: British bug hunter.

Thirty four is a lot.. perhaps Oracle could stand to hire some audit talent.

: "They include buffer overflows, SQL injection issues and a whole range
: of other minor issues," said Litchfield, who discovered the flaws. He
: said that he reported them to Oracle in January and February.

Seven to eight month turnaround time... chalk that up to "regression testing"?

: Oracle confirmed the existence of the flaws, which were discussed
: publicly at last week's Black Hat security conference in Las Vegas, but
: did not offer any further comment. In an e-mailed statement, a company
: spokeswoman said that Oracle had fixed the flaws and would issue a
: security alert "soon."

http://www.blackhat.com/html/bh-usa-04/bh-usa-04-speakers.html

All New 0-Day
David Litchfield, Founder, Next Generation Security Software

This presentation will be entirely new and never seen before. Code included.

Yet on the BlackHat CD provided, there is no bh-us-04-litchfield.pdf set of slides (with or without 0-day). I also heard in passing that Litchfield told the audience first thing that there would be no 0-day disclosure, instead there would only be generic SQL injection discussion. Can anyone confirm this? If true, did Jaikumar Vijayan not attend the talk and write this based solely on the schedule?

_________________________________________
Help InfoSec News with a donation: http://www.c4i.org/donation.html