« Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack | Main | Shmoocon 2006: The Church of Wi-Fi presents: An evil bastard, a rainbow and a great dane! »

Zero-day Oracle hole leads to third-party workaround

I think that David is correct on this one. Oracle needs to patch more often, instead of leaving holes open for many months (possibly 6 months in this case). More reasons why Oracle is my public enemy #1.

Thsi skiny on this vulnerability is that a specific SQL command can be passed to the PLSQL gateway when logging in, and a regular user can gain administrator priveleges. That sounds prety serious to me.

- L

Zero-day Oracle hole leads to third-party workaround

A long-time critic of Oracle Corp.’s patching program has posted a four-line workaround for what he describes as a critical flaw in Oracle’s PLSQL Gateway.

Posted by Larry on January 27, 2006 01:36 PM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)