On 10/19/05, Ray Stell <stellr@xxxxxxxxxx> wrote:
> from bugtraq:
>
> Having downloaded and given the Oracle October patch a cursory examination,
> some of the flaws Oracle told me were being fixed, remain exploitable. Once
> again the patch is not sufficient. I will conduct a full investigation of
> the patch over the coming few days and post some recommendations once
> complete. Incidentally, it's good to see that the NGS Disclosure policy of not
> publicly releasing details of the flaws "fixed" seems to work as a useful
> fail safe mechanism.
>
> More to follow...
> Cheers,
> David Litchfield
> NGSSoftware Ltd
> http://www.ngssoftware.com/
> ======================================================================
> Ray Stell stellr@xxxxxx (540) 231-4109 Tempus fugit 28^D
> --
> //www.freelists.org/webpage/oracle-l

This one will knock out vulnerabilities DB [17-25]:

Steps for Manual De-installation of Oracle Spatial
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=179472.1

Basically, the schema mdsys is created by default in a dbca db, even if
the spatial option is not being installed. In theory, the following:

SQL> drop user spatial cascade;

should do the trick. The referenced doc was for 9i and not apparently
updated for 10g. As always, test on a destructo box first.

Paul
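
The checks below are an added example, not part of the original post or the Metalink note: read-only queries against standard Oracle data dictionary views, to run on the test box before dropping the schema the post names (MDSYS). Any rows from checks 3 to 6 point at objects outside MDSYS that still rely on it and need review first.

```sql
-- Added example: read-only pre-checks before removing the MDSYS schema.
-- Assumes a session with SELECT access to the DBA_* views (e.g. a DBA account).

-- 1. Does the schema exist, and is the account open or locked?
SELECT username, account_status, created
  FROM dba_users
 WHERE username = 'MDSYS';

-- 2. Is Spatial registered as an installed component?
SELECT comp_id, comp_name, version, status
  FROM dba_registry
 WHERE comp_id = 'SDO';

-- 3. Columns in other schemas declared with MDSYS object types
--    (for example SDO_GEOMETRY); these tables break if the types vanish.
SELECT owner, table_name, column_name, data_type
  FROM dba_tab_columns
 WHERE data_type_owner = 'MDSYS'
   AND owner <> 'MDSYS'
 ORDER BY owner, table_name, column_name;

-- 4. Domain indexes in other schemas built on MDSYS index types.
SELECT owner, index_name, table_name, ityp_name
  FROM dba_indexes
 WHERE ityp_owner = 'MDSYS'
   AND owner <> 'MDSYS'
 ORDER BY owner, index_name;

-- 5. Code and views elsewhere that reference MDSYS objects.
SELECT owner, type, COUNT(*) AS dependents
  FROM dba_dependencies
 WHERE referenced_owner = 'MDSYS'
   AND owner NOT IN ('MDSYS', 'PUBLIC')
 GROUP BY owner, type
 ORDER BY owner, type;

-- 6. Public synonyms pointing into MDSYS. DROP USER ... CASCADE does not
--    remove these, so they are left dangling unless dropped separately.
SELECT COUNT(*) AS public_synonyms
  FROM dba_synonyms
 WHERE owner = 'PUBLIC'
   AND table_owner = 'MDSYS';
```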