Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Red Database Security has released 5 Oracle security bug advisories"] [Next entry: "Steven Feuerstein has started a weblog"]

Bug DBC02 in CPU Jan 2006 found by Joxean Koret identified

Alex sent me an email to say that he had managed to identify the bug reported and fixed in Critical Patch Update January 2006 identified as DBC02. The bug is detailed along with bugs in 9 other binaries in Oracle 10g version The post is titled "Various Buffer Overflows in Oracle 10g Tools" and is dated one year ago.

This is an interesting find as it details how this bug could be exploited. Remember this information has been in the public domain for around one year and the patch has been available for two days. These quarterly patches from Oracle are starting to include many fixes for security bugs. Clearly a lot of the bugs fixed have been known either completely publically or at least amongst smaller groups. This is a clear sign for every customer to patch as quickly as possible!