Home -> Mailing Lists -> Oracle-L -> RE: Security privilege escalation

RE: Security privilege escalation

From: Stefan Koehler <contact_at_soocs.de>
Date: Wed, 13 Jul 2022 09:07:43 +0200 (CEST)
Message-ID: <558364711.330293.1657696063030_at_ox.hosteurope.de> 






Who does not remember the famous Oracle blog post "No, You Really Can’t" ( https://web.archive.org/web/20150811052336/https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t )



"Q. What is Oracle’s policy in regards to the submission of security vulnerabilities (found by tools or not)?



    
  
  1.   We require customers to open a service request (one per vulnerability) and provide a test case to verify that the alleged vulnerability is exploitable. The purpose of this policy is to try to weed out the very large number of inaccurate findings by security tools (false positives)."






Have fun with support ;-)



Best Regards


Stefan Koehler



Independent Oracle performance consultant and researcher
Website: http://www.soocs.de


Twitter: _at_OracleSK



> Noveljic Nenad <nenad.noveljic_at_vontobel.com> hat am 12.07.2022 18:37 CEST geschrieben:


> 




> The affected module is the trace file analyzer (TFA) that is installed together with the Clusterware. Would you happen to know the best contact for that?


> 

> I’d like to avoid dealing with the support.

> 

> Thanks,

> 

> Nenad

--
http://www.freelists.org/webpage/oracle-l


Received on Wed Jul 13 2022 - 09:07:43 CEST












Original text of this message