Exploit Code Released for Oracle Hole
Lisa Vaas writes in eWeek:
Exploit code is being circulated that can crash both patched and unpatched Oracle 10g databases.
The code was posted on the Full Disclosure mailing list on Thursday.
David Litchfield, a security researcher with Next Generation Security Software Ltd., said that the code is relatively benign in that the exploit crashes servers but doesn't run arbitrary code that might issue malicious commands.
"The [circulating code] is just a pointer to how to exploit the code," he said. "Whilst it will launch a DoS [denial of service] attack, this exploit doesn't allow you to run arbitrary code. It's benign in the fact that it does nothing but crash the server—if that can be considered benign."
posted by Fergie @ 10/24/2005 01:43:00 PM
0 Comments:
Post a Comment
<< Home