On Tue, 16 Nov 1999, Chris Calabrese wrote:

> I just tested some machines both with and without
> Oracle's patch for the bug related to trusting
> $ORACLE_HOME when calling dbsnmp.
>
> Good news. The patch does indeed address the bug
> related to using sym-links from ./dbsnmpc.log and
> ./dbsnmpw.log to over-write root-owned files that
> Brock Teller reported on the other day.
>
> However, Intelligent Agent 8.1.5 (the version Brock
> reported on) does not have a patch available for it.
> This is pretty strange considering that there's a
> patch for 8.0.5 and that other 8.0.6 and 8.1.x
> releases don't have the vulnerability.

Are there patches for earlier versions of Oracle? (Specifically 7.3.4.)

The exploit works on that version as well.

alan@ctrl-alt-del.com | Note to AOL users: for a quick shortcut to reply
Alan Olsen            | to my mail, just hit the ctrl, alt and del keys.
"In the future, everything will have its 15 minutes of blame."

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:35 PDT