[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Recent Oracle exploit is _actually_ an 0day with no patch

To: "Kornbrust, Alexander" <ak@xxxxxxxxxxxxxxxxxxxxxxxxx>, "Cesar" <cesarc56@xxxxxxxxx>, "Steven M. Christey" <coley@xxxxxxxxx>
Subject: Re: Recent Oracle exploit is _actually_ an 0day with no patch
From: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>
Date: Fri, 28 Apr 2006 22:40:37 +0100

Alexander Kornbrust wrote:

Currently I have 40+ OPEN/UNFIXED security issues in Oracle products. A
detailed list from Oracle secalert (Report March 2006) can be found at
the end of this email or (the latest version) on my webpage:

<SNIP>

If Cesar, Esteban and David have a similar number of open security bugs,

Between my bugs, Paul Wright's and my brother Mark's, I can confirmNGSSoftware are waiting on 63 vulnerabilities being fixed. Over 80% of theseissues are critical/high and allow an attacker to gain DBA privs.

Cheers,
David Litchfield
NGSSoftware Ltd
http://www.ngssoftware.com/
+44 (0) 208 401 0070

References:
- RE: Recent Oracle exploit is _actually_ an 0day with no patch
  - From: Kornbrust, Alexander

Prev by Date: Re: Apple Mac OS X Safari 2.0.3 Vulnerability
Next by Date: Re: phpMyForum Cross Site Scripting & CRLF injection
Previous by thread: RE: Recent Oracle exploit is _actually_ an 0day with no patch
Next by thread: [ MDKSA-2006:076 ] - Updated mozilla packages fix numerous vulnerabilities
Index(es):
- Date
- Thread