Wednesday, January 25, 2006

Researcher Bares Oracle Zero-Day Flaw at Black Hat

Ryan Naraine writes on eWeek:

British security researcher David Litchfield used the spotlight of the Black Hat Federal Briefings here to call attention to a gaping flaw in the Oracle PL/SQL Gateway that remains unpatched three months after it was first reported to the database server giant.

In a rare departure from his company's policy of withholding technical details on unpatched vulnerabilities, Litchfield provided a blow-by-blow demonstration of an exploit that could be used to gain full database administrator control of the back-end database server.


Post a Comment

<< Home