[21476] in bugtraq
Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener
daemon@ATHENA.MIT.EDU (Martin Macok)
Thu Jul 12 14:44:58 2001
Date: Thu, 12 Jul 2001 10:19:23 +0200
From: Martin Macok <martin.macok@underground.cz>
To: Jair Pedro <jair@agendasaude.com.br>
Cc: bugtraq@securityfocus.com
Message-ID: <20010712101923.B936@sarah.kolej.mff.cuni.cz>
Mail-Followup-To: Jair Pedro <jair@agendasaude.com.br>,
bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
In-Reply-To: <019801c1066a$5d9a7c30$50aaccc8@hits4>; from jair@agendasaude.com.br on Fri, Jul 06, 2001 at 07:24:04PM -0300
Content-Transfer-Encoding: 8bit
On Fri, Jul 06, 2001 at 07:24:04PM -0300, Jair Pedro wrote:
> After reading the article, I went to oracle to download the patch
> and was very surprised that in order do download the patch I would
> have to Pay!!! To access the restrict area where I could get the
> patches I would have to had a contract with them, which costs about
> 22% of the licence I already have.
Tomas Pecina (tomas@pecina.cz) asked Oracle company (Oracle Czech,
s.r.o) about this (wondering if they're violating customer's rights).
They gave as official respond in CZECH LANGUAGE (you can find it at
"http://underground.cz/661" in Czech language only) which states:
(excuse my bad english translation)
=========
[snipped things like "we're best, secure ... blabla ... technical
support is great ... 90% of our customers have techsupp ..." ]
"Customers who owns valid commercial licences in guarantee period
will be provided bugfixes for free at no costs automatically.
Other customers who owns valid commercial licences with guarantee
period passed away will be provided bugfixes FOR FREE AT NO COSTS
too IF THEY ASK FOR IT THE OFFICIAL WAY. Oracle company strongly
respects security and contentment of their customers"
[snip]
=========
So this sounds like customers do NOT have to pay. But it's not
anything good for their customers to HAVE TO ASK for updates and wait
for it instead of just simply download it from the web. All customers
should be provided all bugfixes as fast and as easy as possible, no
debate. Having to ask and wait for it is just a pain and provides no
security and no contentment for customers.
Have a nice day
--
Martin Mačok
underground.cz
openbsd.cz
