Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener

From: ian stanley (iandstanleyat_private)
Date: Fri Jul 13 2001 - 08:47:57 PDT

Next message: Silviu Cojocaru: "Re: Microsoft Security Bulletin MS01-038"

Previous message: Foldi Tamas: "Re: FreeBSD 4.3 local root"
In reply to: Jair Pedro: "Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener"
Next in thread: Aaron C. Newman: "RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener"
Reply: Aaron C. Newman: "RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Friday 06 July 2001 23:24, Jair Pedro wrote:
> After reading the article, I went to oracle to download the patch and was
> very surprised that in order do download the patch I would have to Pay!!!
> To access the restrict area where I could get the patches I would have to
> had a contract with them, which costs about 22% of the licence I already
> have.
>
> I tried to explain them by phone and email that was not my fault the fact
> that their product had this serious security flaw and all they said was
> their assistance in free basis was only during the first 3 months after
> install and "you would have a lot of  advantages signing our support
> services".

Depending on your country of origin - you could have some consumer protection.

eg.  in the UK  you would probably be supported by /the sale of goods act/ 
in as much as the security of the product ought to be considered critical 
to  the enterprise concerned - and thus the product be /unfit for the purpose 
intended/.   Never mind the fact that they may have shipped faulty goods.

Even the possibility of a potential court case being filed against oracle 
based ont he being unfit for the purpose - would be rather embarrasing for 
oracle.

> I dont want support as far we have almost half a ton of books on our
> development department and all the news group on the internet...
>
> There is nothing I can do now, except to pay to correct their very own
> error, but, on my company,  I do not intend to deploy any others product
> which similiar politic$ for patches.
>
> The next time we need a database, it will not be an Oracle.
> I'd like to hear from the list if there are others companies/products with
> such an absurd policy.
>
> tks
>
> Jair
> ----- Original Message -----
> From: "Aaron C. Newman" <aaron@newman-family.com>
> To: "Jeffrey M. Smith" <jsmithat_private>; <bugtraqat_private>
> Sent: Friday, June 29, 2001 8:06 PM
> Subject: RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener
>
> > I also could not locate a patch or even a reference to the bug id either.

Next message: Silviu Cojocaru: "Re: Microsoft Security Bulletin MS01-038"
Previous message: Foldi Tamas: "Re: FreeBSD 4.3 local root"
In reply to: Jair Pedro: "Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener"
Next in thread: Aaron C. Newman: "RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener"
Reply: Aaron C. Newman: "RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jul 15 2001 - 21:11:02 PDT