Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "An example of using DBMS_CRYPTO"] [Next entry: "Exploit circulating for newly patched Oracle bug - It can crash an unpatched database server"]

Researcher: Oracle Patch Set Flawed Again



I saw a good news article on EWeek yesterday and made a note of it. The article is by Lisa Vaas and is titled "Researcher: Oracle Patch Set Flawed Again". It talks about David Litchfield’s claims that after reviewing the CPU Oct 2005 patch set that some of the bugs he reported are still exploitable. It is not clear whether he means that the actual bugs are not fixed or that the same general issue is still exploitable elsewhere in the same packages. Or could it be a combination of both scenarios. Lisa says that David is still investigating.