Here it is again. Let me know if you can read it.
ta
tony
At 08:54 AM 23/10/2003 -0800, Vergara, Michael (TEM) wrote:
Tony:
I did not receive the attachment clearly. Can you re-send it
or cite the source?
Thanks,
Mike
- -----Original Message-----
- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
- Sent: Thursday, October 23, 2003 6:25 AM
- To: Multiple recipients of list ORACLE-L
- Subject: Do not connect Oracle DB to the Internet. Oracle Alert #59
- Important: Please read the following Oracle Alert.
- We strongly recommend that you do not connect the Oracle Database
- directly to the Internet.
- Got your attention? That is what is in the Alert. These alerts are beginning
- to come all too often. Sounds just like Microsoft's software, yeah?
- Buffer Overflow in Oracle Database Server Binaries
- This is with the Oracle kernel/binary itself, i.e. the 'oracle' or 'oracleO' file
- in $ORACLE_HOME/bin.
- Description
- A potential buffer overflow has been discovered in the "oracle" and "oracleO" (the letter O) binaries
- of the Oracle Database. A knowledgeable and malicious local user can exploit this buffer overflow
- to execute code on the operating system hosting the Oracle Database server.
- Products Affected
- Oracle 9i Database Release 2, Version 9.2.x
- Oracle 9i Database Release 1, Version 9.0.x
- Platforms Affected
- All supported UNIX and Linux operating system variants.
- Patch only available for Linux right now.
- So who found out this vulnerability? David Litchfield? Aaron Newman?
- I know it is a bit silly to ask but does anyone know how
- to exploit this vulnerability? Send it to me directly if you don't want to
- reply publicly
- ta
- tony
2003alert59.pdf
Description: Adobe PDF document
