Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Oracle read-only user can insert/update/delete data
From: "Van Winssen, Andre A SITI-ITIBHW5" <Andre.VanWinssen () shell com>
Date: Wed, 12 Apr 2006 07:56:31 +0200

I have to say it once again: your company is very careless and irresponsible for publishing 
so much detail about this new oracle security flaw for which no patch exists yet, endangering
many customer production databases.
I have sent testcases to Oracle too that shows that it works against any oracle version currently
available. I expect oracle to include the fix in the next cpu, but have my doubts. 

Kind regards,
Andre van Winssen

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]