[ISN] Oracle Patch Fixes 23 'Critical' Vulnerabilities
InfoSec News
isn at c4i.org
Fri Jan 21 03:07:01 EST 2005
Forwarded from: security curmudgeon <jericho at attrition.org>
: In the past, Oracle has been criticized for its lackadaisical approach
: to addressing critical security flaws. At the Black Hat security
: conference in Las Vegas last year, NGS Software pushed the envelope by
: releasing details on more than two dozen security holes in Oracle
: products that had not been fixed.
:
: At the time, NGS Software said Oracle was aware of the vulnerabilities -
: some of them critical - for several months.
Several months? From this round of patches..
http://www.red-database-security.com/content6.html
History:
03 April 2003 Oracle was informed
18 April 2003 Bug confirmed
18 Januar 2005 Oracle published alert 69
Just under two years for this issue?
http://archives.cnn.com/2002/TECH/industry/01/21/oracle.unbreakable.idg/
Oracle Corp. Chairman and Chief Executive Officer Larry Ellison said
Thursday that Oracle software remains unbreakable and mocked a memo
sent this week by arch rival Bill Gates stressing to Microsoft Corp.'s
employees the importance of security in the company's products.
http://www.osvdb.org/searchdb.php?action=search_title&vuln_title=oracle&Search=Search
"Microsoft isn't good at security. We're good at that.." -- Larry Ellison
More information about the ISN
mailing list