-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Team SHATTER Security Advisory

Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME
(DB11)

April 28, 2008

Risk Level: Medium

Affected versions: Oracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1

Remote exploitable

Hi Team SHATTER,
Apologies for the very late reply, but I had a question regarding your
advisory. I am CC'ing Oracle's security contact in hopes they can also
reply with clarification.
: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11)
: Details:
: Oracle Database
Hi,
This is very typical and, in my opinion, you should only consider
Team SHATTER's advisory trustworthy, not Oracle's.
Take for example the bug APPS01[1] in the Oracle Critical Patch Update of
April 2007 [2]: it was a preauthenticated remote bug (by remote I mean
"from the internet", not