Re: *Huge* security hole in Oracle 8.0.5 with Intelligent agent

From: Jeff Long (longat_private)
Date: Mon May 03 1999 - 16:31:36 PDT


    David Adrian wrote:
    >
    > John Ritchie wrote:
    >
    > > On Fri, 30 Apr 1999, Anthony Clarke wrote:
    <snip>
    
    > > So if you've installed Oracle's Intelligent Agent or aren't sure if it's
    > > installed then check your oratclsh and fix that bit.  The only systems
    > > I've had experience on are 8.0.5 for Solaris and Linux but I'd check any
    > > 8.x release on any platform if it were mine.
    <snip>
    
    >     I patched my Linux version of Oracle to 8.0.5.1.  When I checked for this
    > vulnerability, the suid bit was not set, and the ownership of oratclsh was
    > oracle.oracle.
    >     So it seems likely that upgrading to 8.0.5.1 will fix the problem.  On Linux,
    > this was necessary to fix many other nasty bugs anyway.
    
    Well, I patched to 8.0.5.1 on Digital Unix a while ago and discovered on
    Friday that oratclsh was still suid root, so at least on my platform
    8.0.5.1 did not solve the problem.
    
    Jeff Long
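
The check discussed in this thread (whether oratclsh is still setuid, and who owns it, after patching), written out as an added example; it is not part of any poster's message or of Oracle's tooling. It assumes you pass your Oracle installation directory as the argument, and it searches that tree rather than assuming a fixed path.

```shell
#!/bin/sh
# Added example: list every file named oratclsh under a directory tree with
# its owner:group, and flag any copy that has the setuid bit set.
# Returns 1 if at least one setuid copy is found, 0 otherwise.
audit_oratclsh() {
    root=${1:?usage: audit_oratclsh ORACLE_INSTALL_DIR}
    found_suid=0
    list=$(find "$root" -type f -name oratclsh 2>/dev/null)
    if [ -z "$list" ]; then
        echo "no oratclsh found under $root"
        return 0
    fi
    # Read the paths from a here-document so the loop runs in this shell
    # and found_suid survives the loop.
    while IFS= read -r f; do
        user=$(ls -ld "$f" | awk '{print $3}')
        group=$(ls -ld "$f" | awk '{print $4}')
        if [ -u "$f" ]; then
            found_suid=1
            if [ "$user" = "root" ]; then
                echo "SETUID root: $f ($user:$group)"
            else
                echo "SETUID $user: $f ($user:$group)"
            fi
            echo "  to clear the bit: chmod u-s '$f'"
        else
            echo "ok (no setuid): $f ($user:$group)"
        fi
    done <<EOF
$list
EOF
    return $found_suid
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_oratclsh "$1"
fi
```

Re-run it after every patch set, since the replies above report different results for 8.0.5.1 on Linux and on Digital Unix.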
    


