Full Disclosure mailing list archives
SV: [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server
From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Sat, 4 Sep 2004 00:13:03 +0200
Hi,
Actually this sounds like someone stole Litchfield's research - but what do I know. Just seems like too much coincidence since his last talk dealt with procedure based vulns.
No, these are separate issues. This is a coordinated update that fixes multiple vulnerabilities in Oracle. Details from NGSSoftware won't be disclosed until after 3 months. However, the advisory publiced by Application Security Inc. contains sufficient data that could be abused to start exploiting Oracle databases immediately. Kind regards Peter Kruse http://www.csis.dk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server SHATTER (Sep 01)
- Re: [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server Mark Shirley (Sep 02)
- Re: [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server xbud (Sep 03)
- Re: [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server Cesar (Sep 03)
- SV: [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server Peter Kruse (Sep 03)
- Re: [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server Richard Johnson (Sep 04)
- Re: [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server xbud (Sep 03)
- Re: [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server Mark Shirley (Sep 02)