Researcher Bares Oracle Zero-Day Flaw at Black Hat

["Fergie" <fergdawg () netzero net>]

Via eWeek.

[snip]

British security researcher David Litchfield used the spotlight of the Black Hat Federal Briefings here to call 
attention to a gaping flaw in the Oracle PL/SQL Gateway that remains unpatched three months after it was first reported 
to the database server giant.

In a rare departure from his company's policy of withholding technical details on unpatched vulnerabilities, Litchfield 
provided a blow-by-blow demonstration of an exploit that could be used to gain full database administrator control of 
the back-end database server.

[snip]

More here:
http://www.eweek.com/article2/0,1759,1915420,00.asp

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.