From: Ellen K. 

Looks like you're trying to make sure I read nthelp?   Which obviously I
haven't for several weeks?

Seriously, thanks.   :)

On Thu, 2 Sep 2004 15:00:18 -0400, "Geo."
 wrote in message :

>Researchers at NGSSoftware have discovered multiple critical vulnerabilities
>in Oracle Database Server and Oracle Application Server. Versions affected
>include
>Oracle Database 10g Release 1 Version 10.1.0.2
>Oracle9i Database Server Release 2, versions 9.2.0.4 and 9.2.0.5
>Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 and 9.0.4
>Oracle8i Database Server Release 3, version 8.1.7.4
>Oracle Application Server 10g (9.0.4), versions 9.0.4.0 and 9.0.4.1
>Oracle9i Application Server Release 2, versions 9.0.2.3 and 9.0.3.1
>Oracle9i Application Server Release 1, version 1.0.2.2
>The vulnerabilities range from buffer overflow issues, PL/SQL Injection,
>trigger abuse, character set conversion bugs and denial of service. On the
>31st of August 2004 Oracle released a set of patches to address all of these
>issues (and for other flaws found by other researchers.) This patch set can
>be downloaded from the Metalink website - http://metalink.oracle.com/.
>NGSSoftware are going to withhold details about these flaws for three
>months. Full details will be published on the 31st of November 2004. This
>three month window will allow Oracle database administrators the time needed
>to test and apply the patch set before the details are released to the
>general public. This reflects NGSSoftware's new approach to responsible
>disclosure.
>NGSSQuirreL for Oracle, NGSSoftware's advanced vulnerability assessment
>scanner and security manager for Oracle, has been updated to check for and
>positively identify these flaws in Oracle database servers on the network.
>More information about NGSSQuirreL for Oracle can be found at
>http://www.nextgenss.com/squirrelora.htm.
>NGSSoftware Insight Security Research
>http://www.nextgenss.com/
>+44(0)208 401 0070
>

--- BBBS/NT v4.01 Flag-5