Exploit code out for Oracle Database 10g vulnerability
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9046063
By Gregg Keizer
November 08, 2007
Computerworld

With exploit code in circulation and no patch available for a
buffer-overflow bug, Oracle Corp.'s flagship database software is open
to attack, security researchers said today.

The vulnerability was first disclosed yesterday by VeriSign Inc.'s
iDefense Labs, which issued an advisory outlining the flaw in Oracle
Database 10gR2. Earlier versions of the enterprise database software may
also be at risk, iDefense cautioned.

Today, Symantec Corp. followed with a warning to customers of its
DeepSight threat management system. "The issue affects the 'OWNER' and
the 'NAME' parameters of the 'XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA'
procedure," said Symantec. "Specifically, if the combined length of both
parameters is excessively large, a buffer will overflow when
constructing a SQL query."