[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Oracle exploit? Where's the beef?

To: Mark Shirley <mshirley@xxxxxxxxx>
Subject: Re: [Full-Disclosure] Oracle exploit? Where's the beef?
From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Date: Wed, 1 Sep 2004 20:22:51 +0400

Dear Mark Shirley,

http://www.security.nnov.ru/search/document.asp?docid=6697   No  details
released yet by NGSSoftware


--Wednesday, September 1, 2004, 7:34:32 PM, you wrote to 
full-disclosure@xxxxxxxxxxxxxxxx:

MS> Does anyone know anything further about the new oracle exploit? It
MS> seems no one is saying shit about it other then "it's bad, it affects
MS> everything, patch patch patc".

MS> This is the only url i could find that has anything remotely interesting.

MS> http://www.ciac.org/ciac/bulletins/o-209.shtml

MS> VULNERABILITY ASSESSMENT:  Oracle rates this as a HIGH. "Exploiting
MS> some of the vulnerabilities requires network access, but no valid user
MS> account."

MS> Typical response from oracle,  "DAMAGE:  Oracle does not give
MS> descriptions of the vulnerabilities on this alert."

MS> Remote exploits are bad mmkay.

MS> _______________________________________________
MS> Full-Disclosure - We believe in it.
MS> Charter: http://lists.netsys.com/full-disclosure-charter.html


-- 
~/ZARAZA
Да, ему чертовски повезло. Эх и паршиво б ему пришлось если бы он выжил! (Твен)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Oracle exploit? Where's the beef?
  - From: Mark Shirley

Prev by Date: [Full-Disclosure] [ GLSA 200409-01 ] vpopmail: Multiple vulnerabilities
Next by Date: [Full-Disclosure] TorrentTrader 1.0 RC2 - SQL Injection - Proof of Concept
Previous by thread: [Full-Disclosure] Oracle exploit? Where's the beef?
Next by thread: [Full-Disclosure] New security tools and papers released
Index(es):
- Date
- Thread