[21556] in bugtraq
RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener
daemon@ATHENA.MIT.EDU (Aaron C. Newman)
Tue Jul 17 02:10:24 2001
Reply-To: <aaron@newman-family.com>
From: "Aaron C. Newman" <aaron@newman-family.com>
To: "ian stanley" <iandstanley@users.sourceforge.net>,
"Jair Pedro" <jair@agendasaude.com.br>, <bugtraq@securityfocus.com>
Date: Mon, 16 Jul 2001 23:55:50 -0400
Message-ID: <MBEGJBCJPBGIOCKFMLLPIEAACIAA.aaron@newman-family.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
In-Reply-To: <0107131647570F.08463@linux>
Oracle has an ftp server that allows anonymous downloads. You can get the
patches from there.
ftp://oracle-ftp.oracle.com/server/patchsets/
Aaron C. Newman
CTO/Founder
Application Security, Inc.
212-490-6022
anewman@appsecinc.com
www.appsecinc.com
-Protection Where It Counts-
> I dont want support as far we have almost half a ton of books on our
> development department and all the news group on the internet...
>
> There is nothing I can do now, except to pay to correct their very own
> error, but, on my company, I do not intend to deploy any others product
> which similiar politic$ for patches.
>
> The next time we need a database, it will not be an Oracle.
> I'd like to hear from the list if there are others companies/products with
> such an absurd policy.
>
> tks
>
> Jair
> ----- Original Message -----
> From: "Aaron C. Newman" <aaron@newman-family.com>
> To: "Jeffrey M. Smith" <jsmith@purdue.edu>; <bugtraq@securityfocus.com>
> Sent: Friday, June 29, 2001 8:06 PM
> Subject: RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener
>
> > I also could not locate a patch or even a reference to the bug id
either.
