Full Disclosure mailing list archives

Re: Oracle exploit? Where's the beef?

From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 1 Sep 2004 20:22:51 +0400

Dear Mark Shirley,

http://www.security.nnov.ru/search/document.asp?docid=6697   No  details
released yet by NGSSoftware


--Wednesday, September 1, 2004, 7:34:32 PM, you wrote to full-disclosure () lists netsys com:

MS> Does anyone know anything further about the new oracle exploit? It
MS> seems no one is saying shit about it other then "it's bad, it affects
MS> everything, patch patch patc".

MS> This is the only url i could find that has anything remotely interesting.

MS> http://www.ciac.org/ciac/bulletins/o-209.shtml

MS> VULNERABILITY ASSESSMENT:  Oracle rates this as a HIGH. "Exploiting
MS> some of the vulnerabilities requires network access, but no valid user
MS> account."

MS> Typical response from oracle,  "DAMAGE:  Oracle does not give
MS> descriptions of the vulnerabilities on this alert."

MS> Remote exploits are bad mmkay.

MS> _______________________________________________
MS> Full-Disclosure - We believe in it.
MS> Charter: http://lists.netsys.com/full-disclosure-charter.html


-- 
~/ZARAZA
Да, ему чертовски повезло. Эх и паршиво б ему пришлось если бы он выжил! (Твен)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Oracle exploit? Where's the beef? Mark Shirley (Sep 01)
- Re: Oracle exploit? Where's the beef? 3APA3A (Sep 01)