Full Disclosure mailing list archives

Re: Analysis of the Oracle October 2006 Critical Patch Update

From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 18 Oct 2006 09:18:39 -0500

Thanks, David, for your always enlightening (and depressing if you useOracle products) reports on the unbreakable database.

--On Wednesday, October 18, 2006 07:55:35 +0100 David Litchfield<davidl () ngssoftware com> wrote:

Hey all,
I've just posted an analysis of the 22 Oracle RDBMS flaws patched by the
October 2006 Critical Patch Update that was released yesterday:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/c
puoct2006.html.  Further, it's a shame to see that, after a promising
July 2006 CPU where  Oracle had all the patches ready *on time*, they
have slipped back into  their old, bad habits - patches are not ready for
a number of platforms. I  thought they'd solved those issues - but
clearly not. You can get a copy of  the analysis from
http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf,
Cheers,
David Litchfield
NGSSoftware Ltd
http://www.ngssoftware.com/
+44(0) 208 401 0070




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Analysis of the Oracle October 2006 Critical Patch Update David Litchfield (Oct 18)
- Re: Analysis of the Oracle October 2006 Critical Patch Update Paul Schmehl (Oct 18)
  - Re: Analysis of the Oracle October 2006 Critical Patch Update vile (Oct 18)