Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: PeteFinnigan.com Oracle advisory for bugs in dbms_scheduler (alert #68)

Re: PeteFinnigan.com Oracle advisory for bugs in dbms_scheduler (alert #68)

From: Jonathan Gennick <jonathan_at_gennick.com>
Date: Thu, 2 Sep 2004 08:33:18 -0400
Message-ID: <1971298648678.20040902083318@gennick.com> 





This alert apparently covers several flaws. I'm actually
taken-aback by how long it's taken Oracle to respond to the
one Pete and I uncovered back in March, which let's you
leverage the new scheduler to gain access to the Oracle
user, and thence to grant yourself DBA privileges.



Best regards,



Jonathan Gennick --- Brighten the corner where you are
http://Gennick.com * 906.387.1698 * mailto:jonathan@gennick.com



Join the Oracle-article list and receive one
article on Oracle technologies per month by 
email. To join, visit http://five.pairlist.net/mailman/listinfo/oracle-article, 
or send email to Oracle-article-request_at_gennick.com and 
include the word "subscribe" in either the subject or body.




Wednesday, September 1, 2004, 3:06:15 PM, Pete Finnigan (oracle_list_at_peterfinnigan.demon.co.uk) wrote:
PF> Hi everyone,


PF> Oracle released last night alert #68 covering fixes for many security
PF> bugs in Oracle. PeteFinnigan.com found security bugs in the new 10gR1
PF> scheduler functionality. Our security advisory can be found at
PF> http://www.petefinnigan.com/alerts.htm





PF> Kind regards



PF> Pete


---
To unsubscribe - mailto:oracle-l-request_at_freelists.org&subject=unsubscribe 
To read recent messages - http://freelists.org/archives/oracle-l/09-2004


Received on Thu Sep 02 2004 - 12:07:56 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US