Hi, >Actually this sounds like someone stole Litchfield's research - >but what do I >know. Just seems like too much coincidence since his last talk dealt with >procedure based vulns.
No, these are separate issues. This is a coordinated update that fixes multiple vulnerabilities in Oracle. Details from NGSSoftware won't be disclosed until after 3 months. However, the advisory publiced by Application Security Inc. contains sufficient data that could be abused to start exploiting Oracle databases immediately. Kind regards Peter Kruse http://www.csis.dk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
