Full Disclosure mailing list archives

RE: Oracle read-only user can insert/update/delete data

From: "Van Winssen, Andre A SITI-ITIBHW5" <Andre.VanWinssen () shell com>
Date: Wed, 12 Apr 2006 07:56:31 +0200

Alexander,
I have to say it once again: your company is very careless and irresponsible for publishing 
so much detail about this new oracle security flaw for which no patch exists yet, endangering
many customer production databases.
I have sent testcases to Oracle too that shows that it works against any oracle version currently
available. I expect oracle to include the fix in the next cpu, but have my doubts. 

Kind regards,
Andre van Winssen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

RE: Oracle read-only user can insert/update/delete data Van Winssen, Andre A SITI-ITIBHW5 (Apr 11)
- Re: RE: Oracle read-only user can insert/update/delete data H D Moore (Apr 11)
- Re: RE: Oracle read-only user can insert/update/delete data KF (lists) (Apr 12)
- <Possible follow-ups>
- RE: Oracle read-only user can insert/update/delete data Van Winssen, Andre A SITI-ITIBHW5 (Apr 11)