Slashdot Mirror

← Back to Stories (view on slashdot.org)

Emergency Workaround For Oracle 0-Day

Posted by kdawson on from the maybe-somebody-shorted-the-stock dept.

Almost Live writes "Oracle has released an out-of-cycle alert to offer mitigation for a zero-day exploit that's been posted on the Internet. The emergency workaround addresses an unpatched remote buffer overflow that's remotely exploitable without the need for a username and password, and can result in compromising the confidentiality, integrity, and availability of the targeted system." Whoever published the vulnerability and matching exploit code did not contact Oracle first.

4 of 152 comments (clear)

  1. Haha! by Anonymous Coward · · Score: 5, Informative

    Anyone else remember Oracle's ad campaign claiming to be "unbreakable"?

  2. Re:Unbreakable by dannycarroll · · Score: 5, Informative

    This exploit affects the Weblogic product. Oracle only acquired that a few months ago.

    It's got squat to do with the DB product.

  3. Re:Another victim of C/C++ lack of array safety by SpazmodeusG · · Score: 5, Informative

    C++ does know the size of arrays. That's why you call call delete [] myArray; without specifying the size of the array.
    What C++ doesn't do is test if the index is out of bounds every time you access the array. It makes it faster but you should remember to put the test in if the index isn't guaranteed to be correct.

  4. Re:perhaps if they paid ... by rubycodez · · Score: 5, Informative

    this is an article about an exploit in the BEA Weblogic J2EE Server, which until very recently had nothing to do with Oracle (the company) at all nor Oracle (the DBMS)

    I can't believe all the tards here going off about Oracle's DBMS code base.