May 1st, 2003, 04:38 PM
What Happened to "Unbreakable"?
Here is a quote from David Lichtfield on this new vulnerability:
That quote may be a tad alarmist though. The mitigating factors are that to perform the attack you must first be authenticated to the database which means having a valid username and password. If security best practices are followed in the first place the potential for exploitation of this attack should be minimized.
Every supported version of Oracle, running on any operating system is vulnerable to this attack, which can be leveraged by even low-privileged users to gain complete control of the database.
Here is the bulletin from Oracle: Security Alert