[22118] in bugtraq
RE: vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6
daemon@ATHENA.MIT.EDU (Ron Cohen)
Sat Aug 4 23:05:20 2001
From: "Ron Cohen" <sec@rony.clara.net>
To: <pask@plazasite.com>, <bugtraq@securityfocus.com>, <oracle-l@faticity.com>
Date: Sun, 5 Aug 2001 02:04:09 +0100
Message-ID: <EEEJIAELPOCPHHCNFKKPMEOLCGAA.sec@rony.clara.net>
MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
In-reply-to: <3B6907E5.E832A91A@plazasite.com>
By removing the suid bit from oracle, any client connection originating
from a non-oracle user will cause oracle to revert to a tcp connection
instead of a pipe. Be prepared for a considerable performance degradation
if you choose this tactic.
_rony
-----Original Message-----
From: pask@plazasite.com [mailto:pask@plazasite.com]
Sent: 02 August 2001 08:57
To: bugtraq@securityfocus.com; oracle-l@faticity.com
Subject: vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6
Title: Vulnerability in oracle binary in Oracle 8.0.5
....
SOLUTION:
Chmod -s ;-)))).
STATUS:
Vendor was contacted.
----------------
This vulnerability was researched by:
Juan Manuel Pascual Escriba pask@plazasite.com