Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: CERT and Oracle

RE: CERT and Oracle

From: Guy Hammond <guy.hammond_at_avt.co.uk>
Date: Wed, 04 Jul 2001 02:10:05 -0700
Message-ID: <F001.00340F5D.20010704022027@fatcity.com> 






Actually, this came in yesterday:



http://www.cert.org/advisories/CA-2001-16.html



g





-----Original Message-----


Sent: Tuesday, July 03, 2001 4:46 PM


To: Multiple recipients of list ORACLE-L




Most likely because no-one (at least, I hope not) connects their Oracle
server directly to the Internet without a firewall in between, so Oracle
servers aren't exposed to hacking attempts. Also, hackers can easily get
hold of Linux, and use it to find holes in open-source programs like
sendmail and bind (two CERT favorites) but there are fewer copies of
Oracle available to non-specialists (altho' this is changing) to
experiment with, and no source code "in the wild". Oracle doesn't need
to run as root. There's not (as far as I know) a way to make Oracle
buffer-overflow and give control of the stack to arbitrary code (this is
a typical sendmail/bind exploit). There are probably more (and better)
reasons, but I think that would explain it.



Cheers,



g




-----Original Message-----


Sent: Tuesday, July 03, 2001 2:51 PM


To: Multiple recipients of list ORACLE-L




Why is Oracle listed so infrequently in the CERT advisories?



Just wondering, since Oracle security patches appear to be available
from


Oracle...



Regards,


Patrice Boivin


Systems Analyst (Oracle Certified DBA)


Systems Admin & Operations | Admin. et Exploit. des systèmes
Technology Services        | Services technologiques
Informatics Branch         | Direction de l'informatique 
Maritimes Region, DFO      | Région des Maritimes, MPO





E-Mail: boivinp_at_mar.dfo-mpo.gc.ca <mailto:boivinp_at_mar.dfo-mpo.gc.ca> 

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Guy Hammond
  INET: guy.hammond_at_avt.co.uk

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L


(or the name of mailing list you want to be removed from).  You may

also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Guy Hammond
  INET: guy.hammond_at_avt.co.uk

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L


(or the name of mailing list you want to be removed from).  You may

also send the HELP command for other information (like subscribing).


Received on Wed Jul 04 2001 - 04:10:05 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US