|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [ISN] Oracle Patch Fixes 23 'Critical' Vulnerabilities
From: InfoSec News (isn
c4i.org)
Date: Fri Jan 21 2005 - 02:07:01 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Forwarded from: security curmudgeon <jerichoattrition.org>
: In the past, Oracle has been criticized for its lackadaisical approach
: to addressing critical security flaws. At the Black Hat security
: conference in Las Vegas last year, NGS Software pushed the envelope by
: releasing details on more than two dozen security holes in Oracle
: products that had not been fixed.
:
: At the time, NGS Software said Oracle was aware of the vulnerabilities -
: some of them critical - for several months.
Several months? From this round of patches..
http://www.red-database-security.com/content6.html
History:
03 April 2003 Oracle was informed
18 April 2003 Bug confirmed
18 Januar 2005 Oracle published alert 69
Just under two years for this issue?
http://archives.cnn.com/2002/TECH/industry/01/21/oracle.unbreakable.idg/
Oracle Corp. Chairman and Chief Executive Officer Larry Ellison said
Thursday that Oracle software remains unbreakable and mocked a memo
sent this week by arch rival Bill Gates stressing to Microsoft Corp.'s
employees the importance of security in the company's products.
http://www.osvdb.org/searchdb.php?action=search_title&vuln_title=oracle&Search=Search
"Microsoft isn't good at security. We're good at that.." -- Larry Ellison
_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]