| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Do not connect Oracle DB to the Internet. Oracle Alert #59
Sorry,
It is not readable.
Kind Regards,
Hatzistavrou Yannis
-----Original Message-----
Sent: Friday, October 24, 2003 6:40 PM
To: Multiple recipients of list ORACLE-L
Hi Mike
Here it is again. Let me know if you can read it.
ta
tony
At 08:54 AM 23/10/2003 -0800, Vergara, Michael (TEM) wrote:
Tony:
I did not receive the attachment clearly. Can you re-send it or cite the source?
Thanks,
Mike
-----Original Message-----
Sent: Thursday, October 23, 2003 6:25 AM
To: Multiple recipients of list ORACLE-L
Important: Please read the following Oracle Alert.
We strongly recommend that you do not connect the Oracle Database
directly to the Internet.
Got your attention? That is what is in the Alert. These alerts are beginning
to come all too often. Sounds just like Microsoft's software, yeah?
Buffer Overflow in Oracle Database Server Binaries
This is with the Oracle kernel/binary itself ie 'oracle' or 'oracleO' file
in $ORACLE_HOME/bin.
Description
A potential buffer overflow has been discovered in the "oracle" and "oracleO" (the letter O) binaries
of the Oracle Database. A knowledgeable and malicious local user can exploit this buffer overflow
to execute code on the operating system hosting the Oracle Database server.
Products Affected
Platforms Affected
All supported UNIX and Linux operating system variants.
Patch only available for Linux right now.
So who found out this vulnerability? David Litchfield? Aaron Newman?
I know it is a bit silly to ask but does anyone know how
to exploit this vulnerability? Send it to me directly if you dont want to
reply publicly
ta
tony
-- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Hatzistavrou John INET: John.Hatzistavrou.sema_at_mail.tellas.gr Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Mon Oct 27 2003 - 01:19:26 CST
 |
 |