Monday, November 12, 2007
Exploit code out for Oracle Database 10g vulnerability

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9046063

By Gregg Keizer
November 08, 2007
Computerworld

With exploit code in circulation and no patch available for a
buffer-overflow bug, Oracle Corp.'s flagship database software is open
to attack, security researchers said today.

The vulnerability was first disclosed yesterday by VeriSign Inc.'s
iDefense Labs, which issued an advisory outlining the flaw in Oracle
Database 10gR2. Earlier versions of the enterprise database software may
also be at risk, iDefense cautioned.

Today, Symantec Corp. followed with a warning to customers of its
DeepSight threat management system. "The issue affects the 'OWNER' and
the 'NAME' parameters of the 'XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA'
procedure," said Symantec. "Specifically, if the combined length of both
parameters is excessively large, a buffer will overflow when
constructing a SQL query."
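
The failure mode Symantec describes, two caller-supplied values that only overflow when taken together, is shown below from the defensive side. This is an added illustration, not Oracle's code or code from the article; the buffer size, per-parameter limit, statement text and all function names are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define QUERY_BUF 128 /* assumed size; the page does not give the real one */
#define FIELD_MAX 100 /* assumed per-parameter limit */

/* Accept only a non-empty identifier of at most FIELD_MAX characters,
   made of letters, digits and '_'. This bounds each value on its own. */
static int valid_ident(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > FIELD_MAX) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '_') return 0;
    return 1;
}

/* Returns 0 and fills out on success, -1 for a rejected identifier,
   -2 when owner and name together do not fit. out is empty on error. */
int build_query(char *out, size_t cap, const char *owner, const char *name)
{
    if (cap == 0) return -2;
    out[0] = '\0';
    if (!valid_ident(owner) || !valid_ident(name)) return -1;
    /* snprintf never writes past cap and reports the length it needed. */
    int n = snprintf(out, cap, "SELECT 1 FROM \"%s\".\"%s\"", owner, name);
    if (n < 0 || (size_t)n >= cap) { out[0] = '\0'; return -2; }
    return 0;
}

/* Constructed input: owner and name of the given lengths, all 'A'. */
int try_lengths(size_t owner_len, size_t name_len)
{
    char owner[FIELD_MAX + 2], name[FIELD_MAX + 2], q[QUERY_BUF];
    if (owner_len > FIELD_MAX + 1 || name_len > FIELD_MAX + 1) return -1;
    memset(owner, 'A', owner_len); owner[owner_len] = '\0';
    memset(name, 'A', name_len);   name[name_len] = '\0';
    return build_query(q, sizeof q, owner, name);
}

int main(void)
{
    printf("8+8     -> %d\n", try_lengths(8, 8));
    printf("100+100 -> %d\n", try_lengths(100, 100));
    printf("101+8   -> %d\n", try_lengths(101, 8));
    return 0;
}
```

Two values of 100 characters each pass the per-parameter check yet are refused by the combined-length check, which is the case a per-field limit alone misses.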

Monday, November 12, 2007 3:35:14 PM (Pacific Standard Time, UTC-08:00)