[18705] in bugtraq
Patch for Potential Buffer Overflow Vulnerabilities in Oracle
daemon@ATHENA.MIT.EDU (Security Alerts)
Fri Jan 19 10:42:15 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-ID: <3A676861.28FEF398@oracle.com>
Date: Thu, 18 Jan 2001 16:04:18 -0600
Reply-To: Security Alerts <secalert_us@ORACLE.COM>
From: Security Alerts <secalert_us@ORACLE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Patch for Potential Buffer Overflow Vulnerabilities in Oracle Internet
Directory
Description:
Several potential buffer overflow vulnerabilities have been discovered
in the Oracle Internet Directory executables 'oidldapd' and 'oidmon'.
These vulnerabilities were originally found in Oracle Internet Directory
(OID) 2.0, Release 2.0.6, on Linux. (Note: OID 2.0.6 on LINUX was a beta
release.)
Workaround:
Oracle recommends that customers implement the following workaround:
change the file permissions to 710 on the 'oidldapd' and 'oidmon'
executables. These permissions will limit access (to the executables) to
a small, privileged group of users on the host machine.
Patch Information:
Oracle has comprehensively fixed these vulnerabilities in the OID 2.0,
Release 2.0.6.3, patch set on Solaris and in the forthcoming OID 2.1,
Release 2.1.1.1, patch set. The OID 2.0.6.3 patch set is available on
Metalink, Oracle's Support Services site, http://metalink.oracle.com.
Oracle intends to produce this patch on additional platforms as well.
Credits:
Oracle would like to thank Juan Manuel Pascual EscribĂ for discovering
these vulnerabilities and promptly bringing them to Oracle's attention.
