Patch for Potential Buffer Overflow Vulnerabilities in Oracle Internet Directory Description: Several potential buffer overflow vulnerabilities have been discovered in the Oracle Internet Directory executables 'oidldapd' and 'oidmon'. These vulnerabilities were originally found in Oracle Internet Directory (OID) 2.0, Release 2.0.6, on Linux. (Note: OID 2.0.6 on LINUX was a beta release.) Workaround: Oracle recommends that customers implement the following workaround: change the file permissions to 710 on the 'oidldapd' and 'oidmon' executables. These permissions will limit access (to the executables) to a small, privileged group of users on the host machine. Patch Information: Oracle has comprehensively fixed these vulnerabilities in the OID 2.0, Release 2.0.6.3, patch set on Solaris and in the forthcoming OID 2.1, Release 2.1.1.1, patch set. The OID 2.0.6.3 patch set is available on Metalink, Oracle's Support Services site, http://metalink.oracle.com. Oracle intends to produce this patch on additional platforms as well. Credits: Oracle would like to thank Juan Manuel Pascual EscribĂ for discovering these vulnerabilities and promptly bringing them to Oracle's attention.
