Slashdot Mirror


Emergency Workaround For Oracle 0-Day

Almost Live writes "Oracle has released an out-of-cycle alert to offer mitigation for a zero-day exploit that's been posted on the Internet. The emergency workaround addresses an unpatched remote buffer overflow that's remotely exploitable without the need for a username and password, and can result in compromising the confidentiality, integrity, and availability of the targeted system." Whoever published the vulnerability and matching exploit code did not contact Oracle first.

10 of 152 comments

  1. Haha! by Anonymous Coward · · Score: 5, Informative

    Anyone else remember Oracle's ad campaign claiming to be "unbreakable"?

  2. nice timing by Anonymous Coward · · Score: 5, Funny

    This would seem to be a pretty decent answer to the previous thread (How do geeks get exercise).

    1. Re:nice timing by jd · · Score: 5, Funny

      Hmmm. Is it indoors? Check. Lots of sweating? Check. Potential for heart attacks in unfit people? Check. Ok, it meets the criteria.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  3. Re:Unbreakable by dannycarroll · · Score: 5, Informative

    This exploit affects the WebLogic product. Oracle only acquired that a few months ago.

    It's got squat to do with the DB product.

  4. Worthless by jlarocco · · Score: 5, Funny

    For Christ's sake. At least link to the fucking Oracle page.

    If I wanted to read ZDNet, I'd just go to fucking ZDNet.

  5. Re:Another victim of C/C++ lack of array safety by SpazmodeusG · · Score: 5, Informative

    C++ does know the size of arrays. That's why you can call delete [] myArray; without specifying the size of the array.
    What C++ doesn't do is test if the index is out of bounds every time you access the array. It makes it faster but you should remember to put the test in if the index isn't guaranteed to be correct.

  6. One man's ruffianity... by Capt. Skinny · · Score: 5, Insightful

    One man's unrefined ruffianity is another man's unconscious vernacular.

    Moving to a university research lab after five years in IT at a paper mill in East Bumville, I really had to make a conscious effort to unlearn the conversational vernacular that I had picked up over the last few years.

    Oh, and I believe the correct expression is "Do you kiss your mother with that mouth?"

    1. Re:One man's ruffianity... by ozphx · · Score: 5, Funny

      And the correct answer is "No, but I kiss yours."

      --
      3laws: No freebies, no backsies, GTFO.
  7. Re:That's why I use... by ruiner13 · · Score: 5, Funny

    SQL: >select * from pages(start=1,end=1222) order by name asc
    [command executing...]
    [timeout ID-10-T - CPU has entered sleep mode]
    /usr/bin >

    --

    today is spelling optional day.

  8. Re:perhaps if they paid ... by rubycodez · · Score: 5, Informative

    this is an article about an exploit in the BEA WebLogic J2EE Server, which until very recently had nothing to do with Oracle (the company) at all nor Oracle (the DBMS)

    I can't believe all the tards here going off about Oracle's DBMS code base.