Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> cpujan2006 client issues

cpujan2006 client issues

From: Ray Stell <stellr_at_cns.vt.edu>
Date: Tue, 31 Jan 2006 08:57:01 -0500
Message-ID: <20060131135701.GC4682@cns.vt.edu> 





    
  
  1.   343382.1 says, "One vulnerability (DBC02) is in a utility that can
be forced to terminate if given long arguments, potentially allowing
code of an attacker's choice to be executed. However, this utility is
not installed with setuid (elevated) privileges, so the risk that it
can be effectively exploited is very low."






 Do we know if a patched server vulnerable to this client issue?



 Isn't is a bit absurd to think the risk is low because of
 the default install characteristics?  What, black hats
 don't know how to use the chmod cmd?



2. 343384.1 says, "Please do not open an issue with Support for additional
information on the vulnerabilities.



 So, how do I get an answer to the above questions?



3. I asked these questions on the metalink unix installation forum yesterday.
Today, my note is gone.  "I'm speechless, I am without speech."

--
http://www.freelists.org/webpage/oracle-l


Received on Tue Jan 31 2006 - 07:57:01 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US