RE: Do not connect Oracle DB to the Internet. Oracle Alert #59

Hi Mike

Here it is again. Let me know if you can read it.

ta
tony

At 08:54 AM 23/10/2003 -0800, Vergara, Michael (TEM) wrote:

>Tony:
>
>I did not receive the attachment clearly. Can you re-send it
>or cite the source?
>
>Thanks,
>Mike
>
>-----Original Message-----
>From: tjambu_fatcity_at_yahoo.com.au [mailto:tjambu_fatcity_at_yahoo.com.au]
>Sent: Thursday, October 23, 2003 6:25 AM
>To: Multiple recipients of list ORACLE-L
>Subject: Do not connect Oracle DB to the Internet. Oracle Alert #59
>
>Important: Please read the following Oracle Alert.
>
>We strongly recommend that you do not connect the Oracle Database
>directly to the Internet.
>
>Got your attention? That is what is in the Alert. These alerts are beginning
>to come all too often. Sounds just like Microsoft's software, yeah?
>
>Buffer Overflow in Oracle Database Server Binaries
>This is with the Oracle kernel/binary itself ie 'oracle' or 'oracleO' file
>in $ORACLE_HOME/bin.
>
>
>
>Description
>A potential buffer overflow has been discovered in the "oracle" and "oracleO" (the letter O) binaries
>of the Oracle Database. A knowledgeable and malicious local user can exploit this buffer overflow
>to execute code on the operating system hosting the Oracle Database server.
>Products Affected
>· Oracle 9i Database Release 2, Version 9.2.x
>· Oracle 9i Database Release 1, Version 9.0.x
>Platforms Affected
>All supported UNIX and Linux operating system variants.
>
>
>
>Patch only available for Linux right now.
>
>So who found out this vulnerability? David Litchfield? Aaron Newman?
>I know it is a bit silly to ask but does anyone know how
>to exploit this vulnerability? Send it to me directly if you dont want to
>reply publicly
>
>ta
>tony

Content-Type: text/plain; name="ReadMe.txt"; charset="us-ascii" Content-Transfer-Encoding: 7bit

The previous attachment was filtered out by the ListGuru mailing software at fatcity.com because binary attachments are not appropriate for mailing lists. If you want a copy of the attachment which was removed, contact the sender directly and ask for it to be sent to you by private E-mail.

This warning is inserted into all messages containing binary attachments which have been removed by ListGuru. If you have questions about this message, contact Postmaster_at_fatcity.com for clarification.

--=====================_58487861==_--

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: 
  INET: tjambu_fatcity_at_yahoo.com.au

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).



application/pdf attachment: 2003alert59.pdf