Esteban Martínez Fayó releases his security advisories for CPU 12 April
April 18th, 2005 by Pete
Esteban Martínez Fayó just emailed me to let me know that he has released advisories for the bugs he found in Oracle that were patched with the CPU 12 April patch set. His bugs were found for Application Security Inc. Esteban has found five bugs; these can be found on Application Security Inc's Oracle Security Alerts page. The bugs are Denial of Service in Oracle interMedia, Multiple SQL Injection vulnerabilities in the DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages, Multiple SQL Injection vulnerabilities in the DBMS_METADATA package, SQL Injection in the ALTER_MANUALLOG_CHANGE_SOURCE procedure and SQL Injection in the CREATE_SCN_CHANGE_SET procedure.
These advisories are worth reading as they give quite a lot more detail than Oracle's own advisory.


