ploit, and motivation to fix the problem regardless of
"architectural constraints", I don't think they will.
Regards,
Daymon
- Original Message -
From: "David Litchfield"
To:
Sent: Saturday, July 26, 2003 7:05 PM
Subject: question about oracle advisory
Hello
I can confirm that this is Oracle's stance. I opened a TAR (technical
assistance request) to ask that they make the patch available for 8i,
which is supposed to receive error correction support until December 31,
2003. Their reply, in summary, is:
1) Bug 2716764 was introduced in 9.2 and does no
Hello Daymon and All,
I have CC'd in the Oracle Security Team
> Do you have any plans to release proof of concept code for the Oracle
> exploit? The reason I ask is that "due to architectural constraints,"
> Oracle is not planning on releasing a patch for 8i releases. We contacted
> them abo
;Tina Bird" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 25, 2003 8:59 PM
Subject: question about oracle advisory
>
> Oracle's released three security-related patches today. I'm trying to
> get my head around them to write up a Stanford Securit
Oracle's released three security-related patches today. I'm trying to
get my head around them to write up a Stanford Security Alert, but
there's conflicting information. According to
http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf the buffer
overflow in the EXTPROC code can only be tri