Hello gang, I usually wouldn't muck around with stuff like this on an Oracle list, but there's two major security vulnerabilities out in the last few days for *nix boxen that create remote root exploitable situations. One is with OpenSSH:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693 Basically, all versions before 3.7 have a remotely exploitable buffer overflow - I am unsure whether exploits have been seen in the wild. The other is with sendmail: http://www.sendmail.org/8.12.10.html while this is a remotely exploitable situation, no known exploits exist in the wild (yet). I know just about every vendor has ssh patches already - the sendmail one may be a bit too new for vendor-supplied patches, but give them a call and start haranguing them. I promise, I'll avoid this in the future, but hopefully some of y'all will get your SAs to patch up your servers. Good luck, Matt -- Matthew Zito GridApp Systems Email: [EMAIL PROTECTED] Cell: 646-220-3551 Phone: 212-358-8211 x 359 http://www.gridapp.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Matthew Zito INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
