Re: PeteFinnigan.com Oracle advisory for bugs in dbms_scheduler (alert #68)

  • From: Jonathan Gennick <jonathan@xxxxxxxxxxx>
  • To: Pete Finnigan <oracle_list@xxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 2 Sep 2004 08:33:18 -0400

This alert apparently covers several flaws. I'm actually
taken-aback by how long it's taken Oracle to respond to the
one Pete and I uncovered back in March, which let's you
leverage the new scheduler to gain access to the Oracle
user, and thence to grant yourself DBA privileges.

Best regards,

Jonathan Gennick --- Brighten the corner where you are
http://Gennick.com * 906.387.1698 * mailto:jonathan@xxxxxxxxxxx

Join the Oracle-article list and receive one
article on Oracle technologies per month by 
email. To join, visit http://five.pairlist.net/mailman/listinfo/oracle-article, 
or send email to Oracle-article-request@xxxxxxxxxxx and 
include the word "subscribe" in either the subject or body.


Wednesday, September 1, 2004, 3:06:15 PM, Pete Finnigan 
(oracle_list@xxxxxxxxxxxxxxxxxxxxxxxxx) wrote:
PF> Hi everyone,

PF> Oracle released last night alert #68 covering fixes for many security
PF> bugs in Oracle. PeteFinnigan.com found security bugs in the new 10gR1
PF> scheduler functionality. Our security advisory can be found at
PF> http://www.petefinnigan.com/alerts.htm

PF> Kind regards

PF> Pete

---
To unsubscribe - mailto:oracle-l-request@xxxxxxxxxxxxx&subject=unsubscribe 
To read recent messages - //freelists.org/archives/oracle-l/09-2004

Other related posts:

  1. Home
  2. oracle-l
  3. Archive
  4. 09-2004