[21268] in bugtraq
RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener
daemon@ATHENA.MIT.EDU (Jeffrey M. Smith)
Fri Jun 29 18:27:17 2001
From: "Jeffrey M. Smith" <jsmith@purdue.edu>
To: "COVERT Labs" <covert@nai.com>, <bugtraq@securityfocus.com>
Date: Fri, 29 Jun 2001 11:54:09 -0500
Message-ID: <KBEDJMJEBJFBOLMPCIBIAEKECKAA.jsmith@purdue.edu>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <01C0FF23.2044EC60@SLIPPERY1>
> o Resolution
>
> Oracle has produced a patch under bug number 1489683 which is
> available for download from the Oracle Worldwide Support Services
> web site, Metalink (http://metalink.oracle.com) for the platforms
> identified in this advisory. The patch is in production for all
> supported releases of the Oracle Database Server.
It may be premature to say there is a resolution to this problem or the
other reported problem ([COVERT-2001-03] Oracle 8i SQLNet Header
Vulnerability). I have searched the metalink site for several hours trying
to find a bug report that references either of these problems or the
patches, to no avail. I've also searched for the patch on Oracle's ftp
server ftp-oracle.oracle.com, also without success. There are at least 3
articles posted to the internal metalink networking forum from Oracle users
who haven't been able to locate the patches.
I have opened a "TAR" with Oracle to request the patches, but has anyone
been able to locate either of these patches or the corresponding bug reports
on metalink?
Jeff Smith, Purdue University
