Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Women who know Oracle and security"] [Next entry: "An exploit has been published for database security bug DB27"]

Alex has posted an excellent analysis of the CPU Oct 18 database security bugs

Late start this evening with blogs. I have just spoken to Alex on a chat session and he has let me know that he has added a great page to his site where he has analysed all of the database bugs fixed in the CPU October 18 2005 patch set. The page is titled "Details Oracle Critical Patch Update October 2005 - V1.00" and it details each package, the function or procedure name affected, which user or role has been granted permissions on the package and also the type of issues. This could be SQL Injection, buffer overflow or other bug. Alex could not map some of the bugs identified by Oracles DBXX numbers, these are listed at the top although I think these will come!