This alert apparently covers several flaws. I'm actually taken aback by how long it's taken Oracle to respond to the one Pete and I uncovered back in March, which lets you leverage the new scheduler to gain access to the Oracle user, and thence to grant yourself DBA privileges.

Best regards,

Jonathan Gennick --- Brighten the corner where you are
http://Gennick.com * 906.387.1698 * mailto:jonathan@xxxxxxxxxxx

Join the Oracle-article list and receive one article on Oracle technologies per month by email. To join, visit http://five.pairlist.net/mailman/listinfo/oracle-article, or send email to Oracle-article-request@xxxxxxxxxxx and include the word "subscribe" in either the subject or body.

Wednesday, September 1, 2004, 3:06:15 PM, Pete Finnigan (oracle_list@xxxxxxxxxxxxxxxxxxxxxxxxx) wrote:
PF> Hi everyone,
PF> Oracle released last night alert #68 covering fixes for many security
PF> bugs in Oracle. PeteFinnigan.com found security bugs in the new 10gR1
PF> scheduler functionality. Our security advisory can be found at
PF> http://www.petefinnigan.com/alerts.htm
PF> Kind regards
PF> Pete