[21789] in bugtraq
RE: Oracle Vulnerability Discovered in OID
daemon@ATHENA.MIT.EDU (Dave Lee)
Mon Jul 23 14:15:18 2001
Message-ID: <20010720203726.9871.qmail@web11501.mail.yahoo.com>
Date: Fri, 20 Jul 2001 13:37:26 -0700 (PDT)
From: Dave Lee <daverlee@yahoo.com>
To: bugtraq@securityfocus.com
Cc: aaron@newman-family.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
This was covered in CERT Advisory CA-2001-18, posted
to bugtraq by aleph1 on July 17th. The posting is a
bit miss leading and has Oracle 8i Enterprise Edition
listed rather than Oracle Internet Directory (OiD).
- Dave Lee
In CERTs defense OiD does ship with the Enterprise
Edition, but that is kind of like listing Win2K is
vulnerable when it is an Exchange issue.
> -----Original Message-----
> From: Aaron C. Newman
> [mailto:aaron@newman-family.com]
> Sent: Friday, July 20, 2001 11:37 AM
> To: BUGTRAQ
> Subject: Oracle Vulnerability Discovered in OID
>
>
> There's a new vulnerability discovered in the Oracle
> Internet Directory
> (Oracle's LDAP server). It has been in the database
> since 7/16, but I
> haven't seen it mentioned here yet.
>
> Here are links to the details of the advisory:
>
> "Oracle Internet Directory contains multiple
> vulnerabilities in LDAP
> handling code"
> http://www.kb.cert.org/vuls/id/869184
>
> http://www.securityfocus.com/bid/3047
>
>
http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf
>
>
> Regards,
> Aaron C. Newman
> CTO/Founder
> Application Security, Inc.
> 212-490-6022
> anewman@appsecinc.com
> www.appsecinc.com
> -Protection Where It Counts-
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
