This was covered in CERT Advisory CA-2001-18, posted to bugtraq by aleph1 on July 17th. The posting is a bit miss leading and has Oracle 8i Enterprise Edition listed rather than Oracle Internet Directory (OiD). - Dave Lee In CERTs defense OiD does ship with the Enterprise Edition, but that is kind of like listing Win2K is vulnerable when it is an Exchange issue. > -----Original Message----- > From: Aaron C. Newman > [mailto:aaron@newman-family.com] > Sent: Friday, July 20, 2001 11:37 AM > To: BUGTRAQ > Subject: Oracle Vulnerability Discovered in OID > > > There's a new vulnerability discovered in the Oracle > Internet Directory > (Oracle's LDAP server). It has been in the database > since 7/16, but I > haven't seen it mentioned here yet. > > Here are links to the details of the advisory: > > "Oracle Internet Directory contains multiple > vulnerabilities in LDAP > handling code" > http://www.kb.cert.org/vuls/id/869184 > > http://www.securityfocus.com/bid/3047 > > http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf > > > Regards, > Aaron C. Newman > CTO/Founder > Application Security, Inc. > 212-490-6022 > anewmanat_private > www.appsecinc.com > -Protection Where It Counts- __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 11:14:20 PDT