Kommentare zu: First exploits for CPUJan2008 published http://blog.red-database-security.com/2008/01/31/first-exploits-for-cpujan2008-published/ Oracle Security Thu, 17 May 2012 00:00:51 +0000 http://wordpress.org/?v=2.2.1 Von: Log Buffer #83: a Carnival of the Vanities for DBAs http://blog.red-database-security.com/2008/01/31/first-exploits-for-cpujan2008-published/#comment-7308 Log Buffer #83: a Carnival of the Vanities for DBAs Fri, 20 Feb 2009 22:18:32 +0000 http://blog.red-database-security.com/2008/01/31/first-exploits-for-cpujan2008-published/#comment-7308 [...] Staying with Oracle for the moment, Red Database Security’s blog reports on the First exploits for January’s CPU. [...] […] Staying with Oracle for the moment, Red Database Security’s blog reports on the First exploits for January’s CPU. […]

]]> Von: Joxean Koret http://blog.red-database-security.com/2008/01/31/first-exploits-for-cpujan2008-published/#comment-5059 Joxean Koret Fri, 01 Feb 2008 21:14:04 +0000 http://blog.red-database-security.com/2008/01/31/first-exploits-for-cpujan2008-published/#comment-5059 Sorry for the typo: >Many of these were reported to 3rd parties (iDefense and ZDI). Many "others" were reported to 3rd parties. Joxean Koret Sorry for the typo:

>Many of these were reported to 3rd parties (iDefense and ZDI).

Many “others” were reported to 3rd parties.

Joxean Koret

]]> Von: Joxean Koret http://blog.red-database-security.com/2008/01/31/first-exploits-for-cpujan2008-published/#comment-5057 Joxean Koret Fri, 01 Feb 2008 21:12:08 +0000 http://blog.red-database-security.com/2008/01/31/first-exploits-for-cpujan2008-published/#comment-5057 Hi Alex, I have 23 currently unfixed flaws in Oracle Database (taken, as you, from the secalert report). But that number only reflects the total vulnerabilities I reported directly. Many of these were reported to 3rd parties (iDefense and ZDI). Joxean Koret Hi Alex,

I have 23 currently unfixed flaws in Oracle Database (taken, as you, from the secalert report). But that number only reflects the total vulnerabilities I reported directly. Many of these were reported to 3rd parties (iDefense and ZDI).

Joxean Koret

]]> Von: Alexander Kornbrust http://blog.red-database-security.com/2008/01/31/first-exploits-for-cpujan2008-published/#comment-5052 Alexander Kornbrust Fri, 01 Feb 2008 16:11:41 +0000 http://blog.red-database-security.com/2008/01/31/first-exploits-for-cpujan2008-published/#comment-5052 Joxean and Alexandr How many open vulnerabilities do you have in the Oracle database at the moment (if this information is not a secret)? We have only 32 open vulnerabilities in the database (taken from the January report from secalert). Alexander Joxean and Alexandr

How many open vulnerabilities do you have in the Oracle database at the moment (if this information is not a secret)?

We have only 32 open vulnerabilities in the database (taken from the January report from secalert).

Alexander

]]> Von: Alexander Kornbrust http://blog.red-database-security.com/2008/01/31/first-exploits-for-cpujan2008-published/#comment-5051 Alexander Kornbrust Fri, 01 Feb 2008 16:06:10 +0000 http://blog.red-database-security.com/2008/01/31/first-exploits-for-cpujan2008-published/#comment-5051 Hi Alexandr, sorry I missed the forth exploit. I did not saw that your exploit was different from the one published a few months ago on bugtraq. The exploit was looking so similar but another procedure was affected. -- It's not unusual that different researchers are finding / reporting the same vulnerabilities. In this case it seems that Joxean found the bugs already 2005/2006. Hi Alexandr,

sorry I missed the forth exploit. I did not saw that your exploit was different from the one published a few months ago on bugtraq. The exploit was looking so similar but another procedure was affected.

It’s not unusual that different researchers are finding / reporting the same vulnerabilities. In this case it seems that Joxean found the bugs already 2005/2006.

]]>