Monday, November 12, 2007
« Secunia Weekly Summary - Issue: 2007-45 | Main | WabiSabiLabi Founder Still Jailed on Spy... »
Exploit code out for Oracle Database 10g vulnerability
Exploit code out for Oracle Database 10g vulnerability

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9046063

By Gregg Keizer
November 08, 2007
Computerworld

With exploit code in circulation and no patch available for a
buffer-overflow bug, Oracle Corp.'s flagship database software is open
to attack, security researchers said today.

The vulnerability was first disclosed yesterday by VeriSign Inc.'s
iDefense Labs, which issued an advisory outlining the flaw in Oracle
Database 10gR2. Earlier versions of the enterprise database software may
also be at risk, iDefense cautioned.

Today, Symantec Corp. followed with a warning to customers of its
DeepSight threat management system. "The issue affects the 'OWNER' and
the 'NAME' parameters of the 'XDB.XDB_PITRIG_PKG.PITRIG_DROP METADATA'
procedure," said Symantec. "Specifically, if the combined length of both
parameters is excessively large, a buffer will overflow when
constructing a SQL query."

NetHappenings Mailing List
Monday, November 12, 2007 6:35:14 PM (Eastern Standard Time, UTC-05:00)    Disclaimer  |  Comments [0]  |  Related posts:
First Women Computers
Multi Processor Computing 1924
OSHA Uncensored
Make Your Power Company Carbon-Free
Palin Republican nominee for VP
FCC Begins to Resolve Mutually Exclusive Noncommercial FM Radio Applications
Comments are closed.