Full Disclosure mailing list archives

Re: RE: Oracle read-only user can insert/update/delete data

From: H D Moore <fdlist () digitaloffense net>
Date: Wed, 12 Apr 2006 00:48:33 -0500

I dont believe you understand - the exploit details were available to 
anyone who could access Metalink. Alexander did not disclose these flaws, 
the Oracle user who posted the bug report did. The only reason Oracle 
takes security seriously is because folks like Mr. Kornbrust and Mr. 
Litchfield aren't afraid to publish their findings when the vendor tries 
to cover up yet another embarrassing software flaw.

-HD

On Wednesday 12 April 2006 00:38, Van Winssen, Andre A SITI-ITIBHW5 wrote:

Alexander,
I have to say it once again: your company is very careless and
irresponsible for publishing so much detail about this new oracle
security flaw for which no patch exists yet, endangering many customer
production databases.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

RE: Oracle read-only user can insert/update/delete data Van Winssen, Andre A SITI-ITIBHW5 (Apr 11)
- Re: RE: Oracle read-only user can insert/update/delete data H D Moore (Apr 11)
- Re: RE: Oracle read-only user can insert/update/delete data KF (lists) (Apr 12)
- <Possible follow-ups>
- RE: Oracle read-only user can insert/update/delete data Van Winssen, Andre A SITI-ITIBHW5 (Apr 11)