Re: [Full-Disclosure] Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow

2004-02-05 Thread Cesar
I forgot, I'm serious, the +60 issues are true and are not fixed yet. So if you are running Oracle database then be careful, and remember to start complaining to Oracle!!! Cesar. --- Cesar <[EMAIL PROTECTED]> wrote: > Don't worry, Oracle sucks, probably they won't say > anything. > > Just to clar

Re: [Full-Disclosure] Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow

2004-02-05 Thread Cesar
Don't worry, Oracle sucks, probably they won't say anything. Just to clarify (oh my god, I feel sorry about Oracle users, it's a pain in the ass to find the correct patches, to install them, etc.) the patch that fixes these vulnerabilities is Patch 3 from January 2, it goes on top of Patchset 3 (9.2.0

Re: [Full-Disclosure] Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow

2004-02-05 Thread Chris Anley
> Hey Chris. Hey Cesar. > > First of all, your advisories are a bit wrong: > ...Systems Affected: Oracle 9 prior to 9.2.0.3 > > Actually Systems affected are Oracle 9 prior to > 9.2.0.4 (Patchset 3). > > The date in Metalink site of the Patch that fixes > these vulnerabilities is January 2 and y

Re: [Full-Disclosure] Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow

2004-02-05 Thread Cesar
Hey Chris. First of all, your advisories are a bit wrong: ...Systems Affected: Oracle 9 prior to 9.2.0.3 Actually Systems affected are Oracle 9 prior to 9.2.0.4 (Patchset 3). The date in Metalink site of the Patch that fixes these vulnerabilities is January 2 and your advisories are from Dece

Re: [Full-Disclosure] Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow

2004-02-05 Thread Chris Anley
Hey Cesar. These are known bugs. We (NGS) found and reported them last year. As you say, Oracle has already fixed them and released a patch. Check out http://www.nextgenss.com/research.html ...where we posted advisories on these bugs in December, along with another couple in from_tz and time_zo

[Full-Disclosure] Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow

2004-02-05 Thread Cesar
Security Advisory Name: Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow. System Affected: Oracle Database 9ir2, previous versions could be affected too. Severity: High Remote exploitable: Yes Author: Cesar Cerrudo. Date: 02/05/04 Advisory Number: CC020401 Lega