Slashdot Mirror

← Back to Stories (view on slashdot.org)

Emergency Workaround For Oracle 0-Day

Posted by kdawson on from the maybe-somebody-shorted-the-stock dept.

Almost Live writes "Oracle has released an out-of-cycle alert to offer mitigation for a zero-day exploit that's been posted on the Internet. The emergency workaround addresses an unpatched remote buffer overflow that's remotely exploitable without the need for a username and password, and can result in compromising the confidentiality, integrity, and availability of the targeted system." Whoever published the vulnerability and matching exploit code did not contact Oracle first.

13 of 152 comments (clear)

  1. Whoops, that was my fault by Anonymous Coward · · Score: 4, Funny

    I sent the email to 0racle. Too much l33tness, sorry.

  2. nice timing by Anonymous Coward · · Score: 5, Funny

    This would seem to be a pretty decent answer to the previous thread (How do geeks get exercise).

    1. Re:nice timing by jd · · Score: 5, Funny

      Hmmm. Is it indoors? Check. Lots of sweating? Check. Potential for heart attacks in unfit people? Check. Ok, it meets the criteria.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  3. That's why I use... by bennomatic · · Score: 2, Funny

    ...pen and paper.

    --
    The CB App. What's your 20?
    1. Re:That's why I use... by The+MAZZTer · · Score: 4, Funny

      Can I watch you insert and sort and group 45000 rows of data? That's gotta be a sight to behold.

    2. Re:That's why I use... by ruiner13 · · Score: 5, Funny

      SQL: >select * from pages(start=1,end=1222) order by name asc
      [command executing...]
      [timeout ID-10-T - CPU has entered sleep mode]
      /usr/bin >

      --

      today is spelling optional day.

  4. Worthless by jlarocco · · Score: 5, Funny

    For christ's sake. At least link to the fucking Oracle page.

    If I wanted to read ZDNet, I'd just go to fucking ZDNet.

    --
    Maybe not
  5. It's a fucking Oracle !! Should it have known ?? by Anonymous Coward · · Score: 2, Funny

    Some Oracle That Is !!

  6. A misnomer by engun · · Score: 2, Funny

    The hacker thought "Oracle" already knew ;-)

  7. Re:Another victim of C/C++ lack of array safety by Anonymous Coward · · Score: 4, Funny

    And Princess Diana is a victim of cars lack of a 30 MPH speed cap.

  8. Re:Another victim of C/C++ lack of array safety by ByOhTek · · Score: 4, Funny

    or for the love of Pete use an std::vector.

    What's love got to do with it? In fact, if you go for money, you are probably more likely to find a good std::vector. Sorry, old joke. Couldn't resist.

    --
    Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
  9. Re:One man's ruffianity... by ozphx · · Score: 5, Funny

    And the correct answer is "No, but I kiss yours."

    --
    3laws: No freebies, no backsies, GTFO.
  10. Re:Another victim of C/C++ lack of array safety by cicatrix1 · · Score: 3, Funny

    Actually a better example of C/C++ knowing the size of the arrays would of been the sizeof() operator.

    You're thinking of the infamous `size've` operator.

    --

    I know more than you drink.