Friday, November 9, 2007

Oracle Has A Zero Day Bug In 10g When Will They Fix It?

Looks like the folks over at Oracle have discovered a buffer overflow problem with one of their stored procedures, in Oracle database version 10g Release 2, with patches updated as far as February 2007, but are not in much of a hurry to fix it.

Discovered by an anonymous researcher and then reported to VeriSign's iDefense Labs, the bug could allow evildoers to load illicit code onto unsuspecting systems. However, Oracle does not plan on patching the procedure until its scheduled January 15 security release.

For more on Oracle's latest bug and their casual attitude toward it, check out The Register: "Zero-day bug hangs over Oracle database, Forget about it" and the iDefense report: PUBLIC ADVISORY: 11.07.07
