Re: Oracle 8 root exploit

From: Chris Calabrese (chris_calabreseat_private)
Date: Tue Nov 16 1999 - 13:23:49 PST

Next message: Dennis W. Mattison: "[Fwd: Printer Vulnerability: Tektronix PhaserLink Webserver gives"

Previous message: Dan Stromberg: "rpc.ttdbserverd on solaris 7"
Maybe in reply to: Tellier, Brock: "Oracle 8 root exploit"
Next in thread: Adam and Christine Levin: "Re: Oracle 8 root exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I just tested some machines both with and without
Oracle's patch for the bug related to trusting
$ORACLE_HOME when calling dbsnmp.

Good news.  The patch does indeed address the bug
related to using sym-links from ./dbsnmpc.log and
./dbsnmpw.log to over-write root-owned files that
Brock Teller reported on the other day.

However, Intelligent Agent 8.1.5 (the version Brock
reported on) does not have a patch available for it.
This is pretty strange considering that there's a
patch for 8.0.5 and that other 8.0.6 and 8.1.x
releases don't have the vulnerability.


=====

__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com

Next message: Dennis W. Mattison: "[Fwd: Printer Vulnerability: Tektronix PhaserLink Webserver gives"
Previous message: Dan Stromberg: "rpc.ttdbserverd on solaris 7"
Maybe in reply to: Tellier, Brock: "Oracle 8 root exploit"
Next in thread: Adam and Christine Levin: "Re: Oracle 8 root exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:04 PDT