lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [month] [year] [list] 
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Subject: Oracle exploit? Where's the beef?

Dear Mark Shirley,

http://www.security.nnov.ru/search/document.asp?docid=6697   No  details
released yet by NGSSoftware


--Wednesday, September 1, 2004, 7:34:32 PM, you wrote to full-disclosure@...ts.netsys.com:

MS> Does anyone know anything further about the new oracle exploit? It
MS> seems no one is saying shit about it other then "it's bad, it affects
MS> everything, patch patch patc".

MS> This is the only url i could find that has anything remotely interesting.

MS> http://www.ciac.org/ciac/bulletins/o-209.shtml

MS> VULNERABILITY ASSESSMENT:  Oracle rates this as a HIGH. "Exploiting
MS> some of the vulnerabilities requires network access, but no valid user
MS> account."

MS> Typical response from oracle,  "DAMAGE:  Oracle does not give
MS> descriptions of the vulnerabilities on this alert."

MS> Remote exploits are bad mmkay.

MS> _______________________________________________
MS> Full-Disclosure - We believe in it.
MS> Charter: http://lists.netsys.com/full-disclosure-charter.html


-- 
~/ZARAZA
??, ??? ????????? ???????. ?? ? ??????? ? ??? ???????? ???? ?? ?? ?????! (????)

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux