There's a new vulnerability discovered in the Oracle Internet Directory
(Oracle's LDAP server). It has been in the database since 7/16, but I
haven't seen it mentioned here yet.
Here are links to the details of the advisory:
"Oracle Internet Directory contains multiple vulnerabilities in LDAP
handling code"
http://www.kb.cert.org/vuls/id/869184
http://www.securityfocus.com/bid/3047
http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf
Regards,
Aaron C. Newman
CTO/Founder
Application Security, Inc.
212-490-6022
[EMAIL PROTECTED]
www.appsecinc.com
-Protection Where It Counts-
