[security bulletin] HPSBUX02351 SSRT080058 rev.2 - HP-UX Running BIND, Remote DNS Cache Poisoning

2008-07-19 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01506861 Version: 2 HPSBUX02351 SSRT080058 rev.2 - HP-UX Running BIND, Remote DNS Cache Poisoning NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

rPSA-2008-0231-1 bind bind-utils

2008-07-19 Thread rPath Update Announcements
rPath Security Advisory: 2008-0231-1 Published: 2008-07-19 Products: rPath Linux 2 Rating: Major Exposure Level Classification: Remote System User Deterministic Weakness Updated Versions: [EMAIL PROTECTED]:2/9.4.2_P1-2-0.1 [EMAIL PROTECTED]:2/9.4.2_P1-2-0.1 rPath Issue Tracking

Oracle Database Local Untrusted Library Path Vulnerability

2008-07-19 Thread Joxean Koret
Oracle Database Local Untrusted Library Path Vulnerability -- The Oracle July 2008 Critical Patch Update fixes a vulnerability which allows a user in the OINSTALL/DBA group to escalate privileges to root. Escalating Privileges from oracle to

RE: Lateral SQL Injection Revisited - No Special Privs Required

2008-07-19 Thread David Litchfield
Hi Alexandr, Not only sysdate function can be used in procedure without input parameters. For example using dbms_random.value in procedure without input parameters, we also can inject sql code. SQL ALTER SESSION SET NLS_NUMERIC_CHARACTERS = '''.' ; Thanks for pointing out

RE: Windows Vista Power Management Local Security Policy

2008-07-19 Thread Jim Harrison
Abe, Other than a denial-of-service from the console (is the power switch now a security vuln, too?), what can you do with this bug? It's absolutely, unquestionably a bug; the user should see behavior as dictated by logic and described in the documentation, but a security vulnerability? I