Slashdot Mirror

← Back to Stories (view on slashdot.org)

Emergency Workaround For Oracle 0-Day

Posted by kdawson on from the maybe-somebody-shorted-the-stock dept.

Almost Live writes "Oracle has released an out-of-cycle alert to offer mitigation for a zero-day exploit that's been posted on the Internet. The emergency workaround addresses an unpatched remote buffer overflow that's remotely exploitable without the need for a username and password, and can result in compromising the confidentiality, integrity, and availability of the targeted system." Whoever published the vulnerability and matching exploit code did not contact Oracle first.

17 of 152 comments (clear)

  1. Whoops, that was my fault by Anonymous Coward · · Score: 4, Funny

    I sent the email to 0racle. Too much l33tness, sorry.

  2. nice timing by Anonymous Coward · · Score: 5, Funny

    This would seem to be a pretty decent answer to the previous thread (How do geeks get exercise).

    1. Re:nice timing by jd · · Score: 5, Funny

      Hmmm. Is it indoors? Check. Lots of sweating? Check. Potential for heart attacks in unfit people? Check. Ok, it meets the criteria.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  3. That's why I use... by bennomatic · · Score: 2, Funny

    ...pen and paper.

    --
    The CB App. What's your 20?
    1. Re:That's why I use... by The+MAZZTer · · Score: 4, Funny

      Can I watch you insert and sort and group 45000 rows of data? That's gotta be a sight to behold.

    2. Re:That's why I use... by ruiner13 · · Score: 5, Funny

      SQL: >select * from pages(start=1,end=1222) order by name asc
      [command executing...]
      [timeout ID-10-T - CPU has entered sleep mode]
      /usr/bin >

      --

      today is spelling optional day.

  4. Worthless by jlarocco · · Score: 5, Funny

    For christ's sake. At least link to the fucking Oracle page.

    If I wanted to read ZDNet, I'd just go to fucking ZDNet.

    --
    Maybe not
    1. Re:Worthless by Anonymous Coward · · Score: 1, Funny

      Lose the language, you unrefined ruffian. Do you talk to your mother with that mouth? Do you think it makes your point (or lack thereof) stronger? Got masculinity issues?

  5. It's a fucking Oracle !! Should it have known ?? by Anonymous Coward · · Score: 2, Funny

    Some Oracle That Is !!

  6. "0 day?" by Anonymous Coward · · Score: 1, Funny

    this exploit is over 10 days old now, slashdot you are wayyy to late on reporting this.

  7. Re:Haha! by Anonymous Coward · · Score: 1, Funny

    It was RMS, you insensitive clod!

  8. hack my trouble ticket system by magarity · · Score: 1, Funny

    Sweet, I've been wondering how to hack the trouble ticket system's Oracle back end at work. Now when a deploy has issues in production that weren't seen in development, I can retroactively fix my ticket attachments so it looks like the system engineers screwed up the deploy. Muahahahahaha!!!!

  9. A misnomer by engun · · Score: 2, Funny

    The hacker thought "Oracle" already knew ;-)

  10. Re:Another victim of C/C++ lack of array safety by Anonymous Coward · · Score: 4, Funny

    And Princess Diana is a victim of cars lack of a 30 MPH speed cap.

  11. Re:Another victim of C/C++ lack of array safety by ByOhTek · · Score: 4, Funny

    or for the love of Pete use an std::vector.

    What's love got to do with it? In fact, if you go for money, you are probably more likely to find a good std::vector. Sorry, old joke. Couldn't resist.

    --
    Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
  12. Re:One man's ruffianity... by ozphx · · Score: 5, Funny

    And the correct answer is "No, but I kiss yours."

    --
    3laws: No freebies, no backsies, GTFO.
  13. Re:Another victim of C/C++ lack of array safety by cicatrix1 · · Score: 3, Funny

    Actually a better example of C/C++ knowing the size of the arrays would of been the sizeof() operator.

    You're thinking of the infamous `size've` operator.

    --

    I know more than you drink.