lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200604120048.33281.fdlist@digitaloffense.net>
Date: Wed Apr 12 06:48:38 2006
From: fdlist at digitaloffense.net (H D Moore)
Subject: RE: Oracle read-only user can
	insert/update/delete data

I dont believe you understand - the exploit details were available to 
anyone who could access Metalink. Alexander did not disclose these flaws, 
the Oracle user who posted the bug report did. The only reason Oracle 
takes security seriously is because folks like Mr. Kornbrust and Mr. 
Litchfield aren't afraid to publish their findings when the vendor tries 
to cover up yet another embarrassing software flaw.

-HD

On Wednesday 12 April 2006 00:38, Van Winssen, Andre A SITI-ITIBHW5 wrote:
> Alexander,
> I have to say it once again: your company is very careless and
> irresponsible for publishing so much detail about this new oracle
> security flaw for which no patch exists yet, endangering many customer
> production databases.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ