mailing list archives
RE: Oracle read-only user can insert/update/delete data
From: "Van Winssen, Andre A SITI-ITIBHW5" <Andre.VanWinssen () shell com>
Date: Wed, 12 Apr 2006 07:56:31 +0200
I have to say it once again: your company is very careless and irresponsible for publishing
so much detail about this new oracle security flaw for which no patch exists yet, endangering
many customer production databases.
I have sent testcases to Oracle too that shows that it works against any oracle version currently
available. I expect oracle to include the fix in the next cpu, but have my doubts.
Andre van Winssen
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/