
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Security analysis of the JInitiator buffer overflows

Steve Kost has a good paper on his site titled "Security Analysis - Oracle JInitiator 1.1.8 Buffer Overflow Vulnerability Analysis" that talks about the recent JInitiator bugs found and reported by Will Dormann at US-CERT. Steve's paper gives an overview of the bug, an overview of JInitiator, an overview of the ActiveX control, a vulnerability analysis and a risk analysis, and then goes into the remediation steps that can be taken. This is a very detailed analysis and, particularly if you run E-Business Suite, you should read it and take note.