Re: [ISN] Oracle Patch Fixes 23 'Critical' Vulnerabilities

From: InfoSec News (isn@private)
Date: Fri Jan 21 2005 - 00:07:01 PST


Forwarded from: security curmudgeon <jericho@private>

: In the past, Oracle has been criticized for its lackadaisical approach 
: to addressing critical security flaws. At the Black Hat security 
: conference in Las Vegas last year, NGS Software pushed the envelope by 
: releasing details on more than two dozen security holes in Oracle 
: products that had not been fixed.
: 
: At the time, NGS Software said Oracle was aware of the vulnerabilities - 
: some of them critical - for several months.

Several months? From this round of patches..

http://www.red-database-security.com/content6.html

History:

 03 April 2003                        Oracle was informed

 18 April 2003                        Bug confirmed

 18 Januar 2005                       Oracle published alert 69


Just under two years for this issue?

http://archives.cnn.com/2002/TECH/industry/01/21/oracle.unbreakable.idg/

Oracle Corp. Chairman and Chief Executive Officer Larry Ellison said
Thursday that Oracle software remains unbreakable and mocked a memo
sent this week by arch rival Bill Gates stressing to Microsoft Corp.'s
employees the importance of security in the company's products.

http://www.osvdb.org/searchdb.php?action=search_title&vuln_title=oracle&Search=Search

"Microsoft isn't good at security. We're good at that.." -- Larry Ellison



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Fri Jan 21 2005 - 01:23:15 PST