On Tue, 16 Nov 1999, Chris Calabrese wrote:
> I just tested some machines both with and without
> Oracle's patch for the bug related to trusting
> $ORACLE_HOME when calling dbsnmp.
>
> Good news. The patch does indeed address the bug
> related to using sym-links from ./dbsnmpc.log and
> ./dbsnmpw.log to over-write root-owned files that
> Brock Teller reported on the other day.
>
> However, Intelligent Agent 8.1.5 (the version Brock
> reported on) does not have a patch available for it.
> This is pretty strange considering that there's a
> patch for 8.0.5 and that other 8.0.6 and 8.1.x
> releases don't have the vulnerability.
Are there patches for earlier versions of Oracle? (Specifically 7.3.4.)
The exploit works on that version as well.
[EMAIL PROTECTED] | Note to AOL users: for a quick shortcut to reply
Alan Olsen | to my mail, just hit the ctrl, alt and del keys.
"In the future, everything will have its 15 minutes of blame."
