Slashdot Mirror
Emergency Workaround For Oracle 0-Day
Almost Live writes "Oracle has released an out-of-cycle alert to offer mitigation for a zero-day exploit that's been posted on the Internet. The emergency workaround addresses an unpatched remote buffer overflow that's remotely exploitable without the need for a username and password, and can result in compromising the confidentiality, integrity, and availability of the targeted system." Whoever published the vulnerability and matching exploit code did not contact Oracle first.
I would have thought that an exploit like this would be worth a huge amount of money ... For Oracle, but now for the great pool of unwashed out there.
It strikes me that if Oracle (and other HUGE software vendors) were to offer substantial cash incentives to find holes as gaping as this one obviously is, that the exploit would have been reported directly to Oracle. By substantial i mean in excess of 100,000 euros. (I would have said US dollars, but that currency isn't worth much any more!)
i just tried to google mod_wl and the first page
of the results do not clearly tell me what mod_wl
even does. i do not know a single person who uses
it and i work a large ISP.
this has nothing to do with oracle's database and
i think slashdot editors really need to stop with
these silly headlines designed to get me to click
on stories. grow up! make a profit without deceit!
frankly, this post about this overflow is such
a non issue for me it is funny.
can anyone explain what in the heck mod_wl even does?
One man's unrefined ruffianity is another man's unconscious vernacular.
Moving to a university research lab after five years in IT at a paper mill in East Bumville, I really had to make a conscious effort to unlearn the conversational vernacular that I had picked up over the last few years.
Oh, and I believe the correct expression is "Do you kiss your mother with that mouth?"