Slashdot Mirror

← Back to Stories (view on slashdot.org)

Emergency Workaround For Oracle 0-Day

Posted by kdawson on Tuesday July 29, 2008 @03:04PM from the maybe-somebody-shorted-the-stock dept.

Almost Live writes "Oracle has released an out-of-cycle alert to offer mitigation for a zero-day exploit that's been posted on the Internet. The emergency workaround addresses an unpatched remote buffer overflow that's remotely exploitable without the need for a username and password, and can result in compromising the confidentiality, integrity, and availability of the targeted system." Whoever published the vulnerability and matching exploit code did not contact Oracle first.

1 of 152 comments (clear)

Min score:

Reason:

Sort:

Another victim of C/C++ lack of array safety by Animats · 2008-07-29 15:36 · Score: 0, Flamebait

The C/C++ defect that the compiler has no idea of the size of an array claims another victim.