[Previous entry: "Red Database Security has released 5 Oracle security bug advisories"] [Next entry: "Steven Feuerstein has started a weblog"]
Bug DBC02 in CPU Jan 2006 found by Joxean Koret identified
January 19th, 2006 by Pete
Post to del.icio.us
Post to Furl
Alex sent me an email to say that he had managed to identify the bug reported and fixed in Critical Patch Update January 2006 identified as DBC02. The bug is detailed along with bugs in 9 other binaries in Oracle 10g version 10.1.0.3.0. The post is titled "Various Buffer Overflows in Oracle 10g Tools" and is dated one year ago.
This is an interesting find as it details how this bug could be exploited. Remember this information has been in the public domain for around one year and the patch has been available for two days. These quarterly patches from Oracle are starting to include many fixes for security bugs. Clearly a lot of the bugs fixed have been known either completely publically or at least amongst smaller groups. This is a clear sign for every customer to patch as quickly as possible!
