Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Alex has posted an excellent analysis of the CPU Oct 18 database security bugs"] [Next entry: "Easy connect identifier"]

An exploit has been published for database security bug DB27

Today someone has published an exploit for one of the bugs fixed in the CPU Oct 18 2005 security patch released by Oracle. The exploit was published to the Full Disclosure list by some remaining anonymous. The post is titled "[Full-disclosure] Exploit Oracle DB27 - CPU Octobre". It is not good that exploits are now in the public domain as anyone who has not patched is now vulnerable. all customers of Oracle should patch promptly.