Re: *Huge* security hole in Oracle 8.0.5 with Intelligent agent

From: David Adrian (adrianat_private)
Date: Mon May 03 1999 - 07:31:46 PDT


    John Ritchie wrote:
    
    > On Fri, 30 Apr 1999, Anthony Clarke wrote:
    >
    >
    > When I pressed them as to whether or not they would release patches and
    > information to users who already have 8.0.5 installed they said they had
    > no mechanism to do that.  In other words, YOYO.  (They could learn
    > something about patch releases and access from their good buddies at Sun).
    >
    > So if you've installed Oracle's Intelligent Agent or aren't sure if it's
    > installed then check your oratclsh and fix that bit.  The only systems
    > I've had experience on are 8.0.5 for Solaris and Linux but I'd check any
    > 8.x release on any platform if it were mine.
    >
    > John Ritchie
    > Systems Software Analyst
    > Oregon University System
    
        I patched my Linux version of Oracle to 8.0.5.1.  When I checked for this
    vulnerability, the suid bit was not set, and the ownership of oratclsh was
    oracle.oracle.
        So it seems likely that upgrading to 8.0.5.1 will fix the problem.  On Linux,
    this was necessary to fix many other nasty bugs anyway.
    
        David Adrian
        temp99at_private
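
The check discussed in this thread (does oratclsh carry the setuid bit, and who owns it), as an added example that is not part of either poster's message. The path to oratclsh is passed as an argument; `$ORACLE_HOME/bin/oratclsh` in the usage comment is an assumed location, not one given in the thread.

```shell
#!/bin/sh
# Added example: audit oratclsh binaries for the setuid bit and report ownership.
# Usage (path is an assumption, adjust to your install):
#   sh check_oratclsh.sh "$ORACLE_HOME/bin/oratclsh"
# Return codes of check_oratclsh: 0 = no setuid bit, 1 = setuid bit set, 2 = not found.

check_oratclsh() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "MISSING $f"
        return 2
    fi
    # ls -ln prints: mode links uid gid size date name (numeric uid/gid)
    set -- $(ls -ln "$f")
    mode=$1
    uid=$3
    gid=$4
    if [ -u "$f" ]; then
        echo "SETUID  $f mode=$mode uid=$uid gid=$gid"
        if [ "$uid" = "0" ]; then
            # setuid root is the condition the thread says to check for and fix
            echo "        owned by root; clear the bit with: chmod u-s $f"
        fi
        return 1
    fi
    echo "OK      $f mode=$mode uid=$uid gid=$gid"
    return 0
}

# List every setuid copy of oratclsh under a directory tree (one path per line).
find_setuid_oratclsh() {
    find "$1" -type f -name oratclsh -perm -4000 2>/dev/null
}

# When run with paths as arguments, check each one and exit non-zero if any
# is setuid or missing. With no arguments this loop does nothing.
overall=0
for path in "$@"; do
    check_oratclsh "$path" || overall=1
done
if [ "$#" -gt 0 ]; then
    exit "$overall"
fi
```
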
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:44:43 PDT