Bugtraq: RE: Oracle 10g 10.2.0.2.0 DBA exploit

["putosoft softputo" <hasecorp () hotmail com>]

Patches for 10.2.0.2.0 have been released but the bug is not solved. Patches 
for other plattforms (such as HPUX or AIX) have been re-scheduled. It's not 
important because ANY plattform (even with latest CPU) is vulnerable.
An exploit for Oracle 10.2.0.2.0 was published by N1v1hD $3c41r3 and 
exploits for Oracle 8.1.7.4 and Oracle 9.2.0.7 have been published by David 
Litchfield.
How can I say to my customers that they need to wait for 2 months to have 
the solution for an stupid issue that can compromise the fully database 
server?
How can I say to my customers "Hey! Sorry! But Oracle have been tried to 
solve the f*ing issue about 3 or 4 times but they failed. You need to wait 2 
months (again) for a fix that may or may not solve the vulnerability."
_________________________________________________________________
Acepta el reto MSN Premium: Correos más divertidos con fotos y textos 
increíbles en MSN Premium. Descárgalo y pruébalo 2 meses gratis. 
http://join.msn.com?XAPID=1697&DI=1055&HL=Footer_mailsenviados_correosmasdivertidos