In my previous blog, I tried to explain why the fundamental Oracle flaw is dangerous. On the other hand, in my tests I couldn’t find a way to pass a higher SCN to a target DB to crash it. Since then, I’m trying to verify that this flaw can be can exploited. Here’s a short video of one of my tests:

So what’s the next move? According to my first impressions, the latest CPU Patch solves the SCN problem. Patched database detects big SCN jumps and denies remote transactions. So I’ll repeat myself again: Please apply the CPU as soon as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">