Information Security News mailing list archives
Re: Oracle Patch Fixes 23 'Critical' Vulnerabilities
From: InfoSec News <isn () c4i org>
Date: Fri, 21 Jan 2005 02:07:01 -0600 (CST)
Forwarded from: security curmudgeon <jericho () attrition org> : In the past, Oracle has been criticized for its lackadaisical approach : to addressing critical security flaws. At the Black Hat security : conference in Las Vegas last year, NGS Software pushed the envelope by : releasing details on more than two dozen security holes in Oracle : products that had not been fixed. : : At the time, NGS Software said Oracle was aware of the vulnerabilities - : some of them critical - for several months. Several months? From this round of patches.. http://www.red-database-security.com/content6.html History: 03 April 2003 Oracle was informed 18 April 2003 Bug confirmed 18 Januar 2005 Oracle published alert 69 Just under two years for this issue? http://archives.cnn.com/2002/TECH/industry/01/21/oracle.unbreakable.idg/ Oracle Corp. Chairman and Chief Executive Officer Larry Ellison said Thursday that Oracle software remains unbreakable and mocked a memo sent this week by arch rival Bill Gates stressing to Microsoft Corp.'s employees the importance of security in the company's products. http://www.osvdb.org/searchdb.php?action=search_title&vuln_title=oracle&Search=Search "Microsoft isn't good at security. We're good at that.." -- Larry Ellison _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
Current thread:
- Oracle Patch Fixes 23 'Critical' Vulnerabilities InfoSec News (Jan 20)
- <Possible follow-ups>
- Re: Oracle Patch Fixes 23 'Critical' Vulnerabilities InfoSec News (Jan 21)