Slashdot Mirror

← Back to Stories (view on slashdot.org)

Emergency Workaround For Oracle 0-Day

Posted by kdawson on Tuesday July 29, 2008 @03:04PM from the maybe-somebody-shorted-the-stock dept.

Almost Live writes "Oracle has released an out-of-cycle alert to offer mitigation for a zero-day exploit that's been posted on the Internet. The emergency workaround addresses an unpatched remote buffer overflow that's remotely exploitable without the need for a username and password, and can result in compromising the confidentiality, integrity, and availability of the targeted system." Whoever published the vulnerability and matching exploit code did not contact Oracle first.

1 of 152 comments (clear)

Min score:

Reason:

Sort:

Re:Another victim of C/C++ lack of array safety by SpazmodeusG · 2008-07-29 16:30 · Score: 0, Redundant

Actually a better example of C/C++ knowing the size of the arrays would of been the sizeof() operator. Anyway the point still stands, C/C++ intentionally don't test array bounds.