Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Week of Oracle Database Bugs

Posted by ryuzaki0 on Tuesday November 21, 2006 @06:38AM from the your-turn dept.

os2man writes "After the Month of Browser Bugs and the Month of Kernel Bugs, December will have a Week of Oracle Database Bugs. This project will release, every day for a week, a new 0-day bug specific to Oracle in order to show the current status of its [in]security. They are currently asking for new bugs, in order to extend the publication of new exploits a few more days."

1 of 56 comments (clear)

Min score:

Reason:

Sort:

Great by Spritzer · 2006-11-21 06:39 · Score: 4, Interesting

Maybe they should look at security issues with Oracle's Discoverer client as well. It's pretty sad when having "@" in your password will compromise every character that follows within your password. For example, if ODB password were Sl@shd0t! and the database to connect to were BOB, at the next login the Connect field would be filled with shd0t!@BOB. Not a huge issue, but certainly a risk if multiple people with varying permissions/responsibilities in Oracle have access to a machine with Discoverer.