Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
cc:Sent by: Subject: Re: Sec
For those of you with Metalink access,
there is now a patch to this bug for 9.0.1.3
Patch number is 2121935.
Platforms covered are:
HP 9000 series HP-UX 64-bit
Sun Sparc Solaris 64-bit
IBM RS/6000 64-bit
Sun Sparc Solaris
Digital Alpha OpenVMS
LINUX Intel
Compaq
I wonder how many people have rushed out to do this on their production
instances now? ;P
-Original Message-
McDonald
Sent: 16 April 2002 23:23
To: Multiple recipients of list ORACLE-L
The problem can be worked around by issuing:
grant dba, select any table, select any dictionary to
This just in from comp.databases.oracle.server.
See metalink bug 2121935.
Using ANSI syntax joins (CROSS JOIN, LEFT OUTER etc)
allows you to view data from tables on which you have no
privilege. For example, try this COMPLETE script:
connect / as sysdba
create user us1 identified by us1;
Is this on 9i databases or is 8 involved? Ruth
- Original Message -
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Sent: Tuesday, April 16, 2002 7:33 AM
This just in from comp.databases.oracle.server.
See metalink bug 2121935.
Using ANSI syntax joins (CROSS JOIN,
9i - Can't break it, can't break in! ?!?!? ;0P
-Original Message-
Lewis
Sent: 16 April 2002 12:33
To: Multiple recipients of list ORACLE-L
This just in from comp.databases.oracle.server.
See metalink bug 2121935.
Using ANSI syntax joins (CROSS JOIN, LEFT OUTER etc)
allows you to view
*
ERROR at line 1:
ORA-00942: table or view does not exist
-Original Message-
From: Ruth Gramolini [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 16, 2002 8:38 AM
To: Multiple recipients of list ORACLE-L
Subject: Re: Security Hole
Is this on 9i databases
des Maritimes, MPO
E-Mail: [EMAIL PROTECTED]
-Original Message-
Sent: Tuesday, April 16, 2002 8:33 AM
To: Multiple recipients of list ORACLE-L
Subject:Security Hole
This just in from comp.databases.oracle.server.
See metalink bug 2121935.
Using ANSI syntax joins (CROSS
Thanks! RBG
- Original Message -
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Sent: Tuesday, April 16, 2002 10:13 AM
Oracle 9 only.
Oracle 8 does not support ANSI join syntax.
Jonathan Lewis
http://www.jlcomp.demon.co.uk
Author of:
Practical Oracle 8i:
not exist
-Original Message-
From: Ruth Gramolini [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 16, 2002 8:38 AM
To: Multiple recipients of list ORACLE-L
Subject: Re: Security Hole
Is this on 9i databases or is 8 involved? Ruth
- Original Message -
To: Multiple recipients
Mike,
that is the beauty of this bug, you don't need access to link$ for this to
work.
Raj
__
Rajendra Jamadagni MIS, ESPN Inc.
Rajendra dot Jamadagni at ESPN dot com
Any opinion expressed here is personal and doesn't reflect that
There should be an emergency backport available for that fix/problem. If
not, who wants to use 9i release 1 ?
Anjo.
Mark Leith wrote:
9i - Can't break it, can't break in! ?!?!? ;0P
-Original Message-
Lewis
Sent: 16 April 2002 12:33
To: Multiple recipients of list ORACLE-L
This
The problem can be worked around by issuing:
grant dba, select any table, select any dictionary to
public;
Then the bug does not appear to be observed :-)
Connor
--- Anjo Kolk [EMAIL PROTECTED] wrote:
There should be an emergency backport available for
that fix/problem. If
not, who
-
From: Farnsworth, Dave [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 4:47 PM
To: Multiple recipients of list ORACLE-L
Subject: strtSID.cmd security hole??
I inherited an Oracle 7.3.4 database that nobody knew the internal
password
for. So I was doing some research
recipients of list ORACLE-L [EMAIL PROTECTED]
iture.comcc:
Sent by: Subject: strtSID.cmd
security hole??
[EMAIL PROTECTED]
07/25/01 01
recipients of list ORACLE-L
Subject: strtSID.cmd security hole??
I inherited an Oracle 7.3.4 database that nobody knew the internal
password
for. So I was doing some research on metalink and came across an article
that mentioned the strtSID.cmd file would have the password. I was
amazed
creating an externally identified users will remove the need for the
password in the file.
Rodd
Original Message
On 7/26/01, 8:38:31 AM, Farnsworth, Dave
[EMAIL PROTECTED] wrote regarding RE: strtSID.cmd
security hole??:
After doing more research on this, this file is required if you want
then
check my 8.0.5 database and the same thing. Then I checked my 8.1.7
database and it was not there. Did this gaping security hole disappear in
the 8i database? I sure hope so.
Both the 7.3.4 and 8.0.5 have the remote_login_passwordfile init paramater
set to SHARED, whereas my 8.1.7 is set
Where is the strtSID.cmd file? I don;t see it anywhere under $ORACLE_HOME.
-Original Message-
From: Farnsworth, Dave [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 4:47 PM
To: Multiple recipients of list ORACLE-L
Subject: strtSID.cmd security hole??
I inherited
]]
Sent: Wednesday, July 25, 2001 4:47 PM
To: Multiple recipients of list ORACLE-L
Subject: strtSID.cmd security hole??
I inherited an Oracle 7.3.4 database that nobody knew the internal
password
for. So I was doing some research on metalink and came across an article
that mentioned
Look under SYS$ORACLE:[ORACLE.HOME]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 5:07 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: strtSID.cmd security hole??
Where is the strtSID.cmd file? I don;t see
by: Subject: strtSID.cmd security
hole??
[EMAIL PROTECTED
: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
Original Message
Subject:[ISN] Oracle patches high-risk security hole
Date: Fri, 6 Jul 2001 02:32:18 -0500 (CDT)
From: InfoSec News [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
To: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED
23 matches
Mail list logo