http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf You can see ref. to Pete's link HTH GovindanK Oracle Certified Professional On Thu, 2 Sep 2004 08:33:18 -0400, "Jonathan Gennick" <jonathan@xxxxxxxxxxx> said: > This alert apparently covers several flaws. I'm actually > taken-aback by how long it's taken Oracle to respond to the > one Pete and I uncovered back in March, which let's you > leverage the new scheduler to gain access to the Oracle > user, and thence to grant yourself DBA privileges. > > Best regards, > > Jonathan Gennick --- Brighten the corner where you are > http://Gennick.com * 906.387.1698 * mailto:jonathan@xxxxxxxxxxx > > Join the Oracle-article list and receive one > article on Oracle technologies per month by > email. To join, visit > http://five.pairlist.net/mailman/listinfo/oracle-article, > or send email to Oracle-article-request@xxxxxxxxxxx and > include the word "subscribe" in either the subject or body. > > > Wednesday, September 1, 2004, 3:06:15 PM, Pete Finnigan > (oracle_list@xxxxxxxxxxxxxxxxxxxxxxxxx) wrote: > PF> Hi everyone, > > PF> Oracle released last night alert #68 covering fixes for many security > PF> bugs in Oracle. PeteFinnigan.com found security bugs in the new 10gR1 > PF> scheduler functionality. Our security advisory can be found at > PF> http://www.petefinnigan.com/alerts.htm > > PF> Kind regards > > PF> Pete > > --- > To unsubscribe - > mailto:oracle-l-request@xxxxxxxxxxxxx&subject=unsubscribe > To read recent messages - //freelists.org/archives/oracle-l/09-2004 --- To unsubscribe - mailto:oracle-l-request@xxxxxxxxxxxxx&subject=unsubscribe To read recent messages - //freelists.org/archives/oracle-l/09-2004