[Previous entry: "Women who know Oracle and security"] [Next entry: "An exploit has been published for database security bug DB27"]
Alex has posted an excellent analysis of the CPU Oct 18 database security bugs
October 20th, 2005 by Pete
Post to del.icio.us
Post to Furl
Late start this evening with blogs. I have just spoken to Alex on a chat session and he has let me know that he has added a great page to his site where he has analysed all of the database bugs fixed in the CPU October 18 2005 patch set. The page is titled "Details Oracle Critical Patch Update October 2005 - V1.00" and it details each package, the function or procedure name affected, which user or role has been granted permissions on the package and also the type of issues. This could be SQL Injection, buffer overflow or other bug. Alex could not map some of the bugs identified by Oracles DBXX numbers, these are listed at the top although I think these will come!
