Thursday, October 20, 2005

Researcher: Oracle Patch Set Flawed Again

Lisa Vaas writes in eWeek:

A security researcher has reported that Oracle's most recent quarterly cumulative patch update, released on Tuesday, leaves some flaws exploitable.

David Litchfield, a security research with Next Generation Security Software Ltd., was in the process of auditing the CPU when this story was posted.

Litchfield on Wednesday evening posted to BugTraq a message saying that the patch is still lacking.

"Having downloaded and given the Oracle October patch a cursory examination, some of the flaws Oracle told me were being fixed, remain exploitable," he wrote. "Once again the patch is not sufficient. I will conduct a full investigation of the patch over the coming few days and post some recommendations once complete."

0 Comments:

Post a Comment

<< Home