Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Team SHATTER Security Advisory Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11) April 28, 2008 Risk Level: Medium Affected versions: Oracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1 Remote exploitable

Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11)

Hi Team SHATTER, Apologies for the very late reply, but I had a question regarding your advisory. I am CC'ing Oracle's security contact in hopes they can also reply with clarification. : Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11) : Details: : Oracle Database

Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11)

Hi, This is very typical and, in my opinion, you should only consider trustworthy the Team Shatter's advisory, not the Oracle's one. Take for example the bug APPS01[1] in Oracle Critical Patch Update of April 2007 [2], it was a preauthenticated remote bug (with remote I mean "from internet", not