[VIM] Oracle CPU Jan 2009 Advisories. (fwd)

security curmudgeon jericho at attrition.org
Fri Jan 16 00:40:11 UTC 2009


Per the researcher, two of his three advisories do not correspond to the 
recent CPU:

---------- Forwarded message ----------
From: Alexandr Polyakov
To: security curmudgeon <jericho at attrition.org>
Date: Thu, 15 Jan 2009 18:50:45 +0300
Subject: Re[2]: Oracle CPU Jan 2009 Advisories.

> Hi Alexandr,

> : Advisories for Oracle CPU January 2009 vulnerabilities Attached.

> DSECRG-09-002__Oracle_BEA_Weblogic_10_Linked__SS_vulnerability.txt

> DSECRG-09-003__Oracle_Database_11g__EXFSYS_plsql_injection_vulnerability.txt

> Do you know which CVE these correspond with?


These advisories are under the Security-In-Depth program and they will be 
fixed in future releases, but are not so critical as to make a patch in this CPU.

Oracle says: "I would like to clarify that the bug has been fixed in the 
future release of WLS. We do not plan to include this fix in a CPU as the 
issue reported was a problem in a sample application and we do not believe 
that presents a vulnerability for production applications."

So Oracle said that we can disclose these advisories now.


Polyakov Alexandr
Information Security Analyst

