This notification came from our internal AIX support group. I hadn't seen anything about this elsewhere, so I thought I'd better forward this to the list. I haven't had time to see if any of the vulnerabilities apply to the Oracle Linux/390 version, but the CERT advisory talks about both the 8i and 9i Database being vulnerable.

Mark Post

----------
Date: March 15 2002
Subject: FLASH: IBM AIX 5.1 and 4.3 Reference to CERT Advisory CA-2002-08 Multiple vulnerabilities in Oracle Servers

PURPOSE OF THIS MEMO: To notify software personnel that the CERT Advisory CA-2002-08 Multiple vulnerabilities in Oracle Servers

REQUIRED ACTION: Please review and make aware of the problem.

PROBLEM DESCRIPTION: Reference to CERT Advisory CA-2002-08 Multiple vulnerabilities in Oracle Servers. The referenced problem will affect AIX systems. There is no IBM code involved. This is an Oracle problem.

Multiple vulnerabilities in Oracle Application Server have recently been discovered. These vulnerabilities include buffer overflows, insecure default settings, failures to enforce access controls, and failure to validate input. The impacts of these vulnerabilities include the execution of arbitrary commands or code, denial of service, and unauthorized access to sensitive information.

For complete details, reference CERT Advisory CA-2002-08. This document is available from: http://www.cert.org/advisories/CA-2002-08.html
