In my previous blog, I tried to explain why the fundamental Oracle flaw is dangerous. On the other hand, in my tests I couldn’t find a way to pass a higher SCN to a target DB to crash it. Since then, I’m trying to verify that this flaw can be can exploited. Here’s a short video of one of my tests:
So what’s the next move? According to my first impressions, the latest CPU Patch solves the SCN problem. Patched database detects big SCN jumps and denies remote transactions. So I’ll repeat myself again: Please apply the CPU as soon as possible.