Re: [Full-disclosure] RE: Oracle read-only user can insert/update/delete data



And I have to say once again: your vendor is very careless and irresponsible for publishing
so much crappy code. This is what is really endangering many customer production databases.

That and the mentality that they can only offer this kind gentleman "*small amount of fame*" for his
time had he chosen to work with them in a more "responsible" manor.

Go bitch to your vendor.... stop trying to kill the messenger.

Even if they do include the fix in the next cpu... how many other holes are laying around for you to worry about it. I'd be willing to bet theres a few.

Wake up people.... these companies pwn your wallet and feed you BS products.
-KF


Van Winssen, Andre A SITI-ITIBHW5 wrote:

Alexander,
I have to say it once again: your company is very careless and irresponsible for publishing so much detail about this new oracle security flaw for which no patch exists yet, endangering
many customer production databases.
I have sent testcases to Oracle too that shows that it works against any oracle version currently
available. I expect oracle to include the fix in the next cpu, but have my doubts.

Kind regards,
Andre van Winssen

-


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • [Full-disclosure] RE: Oracle read-only user can insert/update/delete data
    ... I have to say it once again: your company is very careless and irresponsible for publishing ... so much detail about this new oracle security flaw for which no patch exists yet, ... I have sent testcases to Oracle too that shows that it works against any oracle version currently ...
    (Full-Disclosure)
  • Oracle 10g publisher to SQL Server 2005
    ... I am running a Publishing Service on Oracle 10g. ... I am trying to set up a Distributor on SQL Server 2005. ... Oracle Server Instance 'BOSSSPEC' cannot be enabled as a Publisher ...
    (microsoft.public.sqlserver.replication)
  • Oracle 10g publisher to SQL Server 2005
    ... I am running a Publishing Service on Oracle 10g. ... I am trying to set up a Distributor on SQL Server 2005. ... Oracle Server Instance 'BOSSSPEC' cannot be enabled as a Publisher ...
    (microsoft.public.sqlserver.replication)
  • Re: Informix beats Oracle
    ... Doesn't oracle have a EUA about publishing ... benchmark results without their written approval. ... It is so lame I expect Oracle will just ignore it. ...
    (comp.databases.informix)