Well, as time moves forward we find more often that time from vulnerability to exploit is narrowing at an exponential rate. Oracle just released a major security patch on Tuesday and now 2 days later we have the exploit. It was published to the security mailing list BugTraq and targets version 10g.
The U.S. Computer Emergency Readiness Team added its voice on Wednesday, urging users in an alert to apply Oracle’s fixes.
Here’s a list of the affected systems from the US-Cert site.
Systems Affected* Oracle Database 10g
* Oracle9i Database
* Oracle8i Database
* Oracle Enterprise Manager 10g Grid Control
* Oracle Application Server 10g
* Oracle Collaboration Suite 10g
* Oracle9i Collaboration Suite
* Oracle E-Business Suite Release 11i
* Oracle E-Business Suite Release 11.0
* Oracle Pharmaceutical Applications
* JD Edwards EnterpriseOne, OneWorld Tools
* Oracle PeopleSoft Enterprise Tools
* Oracle Workflow
* Oracle Developer Suite 6i
[tags]Oracle, Exploit, Database[/tags]