lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <949980053.20040901202251@SECURITY.NNOV.RU>
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Subject: Oracle exploit? Where's the beef?

Dear Mark Shirley,

http://www.security.nnov.ru/search/document.asp?docid=6697   No  details
released yet by NGSSoftware


--Wednesday, September 1, 2004, 7:34:32 PM, you wrote to full-disclosure@...ts.netsys.com:

MS> Does anyone know anything further about the new oracle exploit? It
MS> seems no one is saying shit about it other then "it's bad, it affects
MS> everything, patch patch patc".

MS> This is the only url i could find that has anything remotely interesting.

MS> http://www.ciac.org/ciac/bulletins/o-209.shtml

MS> VULNERABILITY ASSESSMENT:  Oracle rates this as a HIGH. "Exploiting
MS> some of the vulnerabilities requires network access, but no valid user
MS> account."

MS> Typical response from oracle,  "DAMAGE:  Oracle does not give
MS> descriptions of the vulnerabilities on this alert."

MS> Remote exploits are bad mmkay.

MS> _______________________________________________
MS> Full-Disclosure - We believe in it.
MS> Charter: http://lists.netsys.com/full-disclosure-charter.html


-- 
~/ZARAZA
??, ??? ????????? ???????. ?? ? ??????? ? ??? ???????? ???? ?? ?? ?????! (????)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ